xujeff tianti 天梯 UploadController.java ajaxUploadFile unrestricted upload_CVE-2025-9795

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-9795

Source VulDB

Published Sep 1, 2025 at 21:02

Affected Product

Vendor xujeff

Product tianti 天梯

Version 2.0

Affected Versions xujeff tianti 天梯 2.0
xujeff tianti 天梯 2.1
xujeff tianti 天梯 2.2
xujeff tianti 天梯 2.3

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in xujeff tianti \u5929\u68af up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-09-01T21:02:06.245Z",
    "modified": "2025-09-01T21:02:06.245Z",
    "type": "cve",
    "title": "xujeff tianti \u5929\u68af UploadController.java ajaxUploadFile unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.322110\nhttps://vuldb.com/?ctiid.322110\nhttps://vuldb.com/?submit.641122\nhttps://github.com/xujeff/tianti/issues/43\nhttps://github.com/xujeff/tianti/issues/43#issue-3287851827",
    "id": "CVE-2025-9795",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "xujeff tianti \u5929\u68af 2.0\nxujeff tianti \u5929\u68af 2.1\nxujeff tianti \u5929\u68af 2.2\nxujeff tianti \u5929\u68af 2.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "tianti \u5929\u68af",
    "version": "2.0",
    "vendor": "xujeff",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}