CVE-2025-7939 MEDIUM

CVE-2025-7939: jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload

Vendor Jerryshensjf

Product JPACookieShop 蛋糕商城JPA版

Weakness CWE-434 · Unrestricted file upload

Published July 21, 2025

Last update July 22, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

Description

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely.

Key dates

Disclosure timeline

July 21, 2025 CVE published

July 22, 2025 Record updated