Arbitrary File Upload in SMG Software’s Information Portal_CVE-2025-5243

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion.This issue affects Information Portal: before 13.06.2025.

Basic Information

ID CVE-2025-5243

Source TR-CERT

Published Jul 24, 2025 at 12:45

Modified Jul 24, 2025 at 13:36

Affected Product

Vendor SMG Software

Product Information Portal

Affected Versions SMG Software Information Portal 0

CWE Classification

CWE-434 CWE-78

References

www.usom.gov.tr /bildirim/tr-25-0174

{
    "lastseen": "",
    "description": "Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion.This issue affects Information Portal: before 13.06.2025.",
    "published": "2025-07-24T12:45:22.450Z",
    "modified": "2025-07-24T13:36:01.931Z",
    "type": "cve",
    "title": "Arbitrary File Upload in SMG Software's Information Portal",
    "source": "TR-CERT",
    "references": "https://www.usom.gov.tr/bildirim/tr-25-0174",
    "id": "CVE-2025-5243",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "SMG Software Information Portal 0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Information Portal",
    "version": "0",
    "vendor": "SMG Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}