CVE-2025-52130_CVE-2025-52130

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Description

File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.

Basic Information

ID CVE-2025-52130

Source mitre

Published Aug 25, 2025 at 00:00

Modified Aug 26, 2025 at 15:29

Affected Product

Vendor n/a

Product n/a

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-616

References

{
    "lastseen": "",
    "description": "File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.",
    "published": "2025-08-25T00:00:00.000Z",
    "modified": "2025-08-26T15:29:58.501Z",
    "type": "cve",
    "title": "CVE-2025-52130",
    "source": "mitre",
    "references": "https://github.com/SMEWebify/WebErpMesv2\nhttps://medium.com/@The_Hiker/wrong-variable-name-leads-to-rce-cve-2025-52130-8ff59a7d245c",
    "id": "CVE-2025-52130",
    "bulletinFamily": "",
    "cwe": [
        "CWE-616"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n/a",
    "version": "n/a",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}