oitcode samarium Create Product product unrestricted upload_CVE-2025-8798

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product of the component Create Product Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-8798

Source VulDB

Published Aug 10, 2025 at 07:02

Affected Product

Vendor oitcode

Product samarium

Version 0.9.0

Affected Versions oitcode samarium 0.9.0
oitcode samarium 0.9.1
oitcode samarium 0.9.2
oitcode samarium 0.9.3
oitcode samarium 0.9.4
oitcode samarium 0.9.5
oitcode samarium 0.9.6

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product of the component Create Product Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-08-10T07:02:05.831Z",
    "modified": "2025-08-10T07:02:05.831Z",
    "type": "cve",
    "title": "oitcode samarium Create Product product unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.319326\nhttps://vuldb.com/?ctiid.319326\nhttps://vuldb.com/?submit.626077\nhttps://github.com/MaiqueSilva/VulnDB/blob/main/readme08.md",
    "id": "CVE-2025-8798",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "oitcode samarium 0.9.0\noitcode samarium 0.9.1\noitcode samarium 0.9.2\noitcode samarium 0.9.3\noitcode samarium 0.9.4\noitcode samarium 0.9.5\noitcode samarium 0.9.6",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "samarium",
    "version": "0.9.0",
    "vendor": "oitcode",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}