lokibhardwaj PHP-Code-For-Unlimited-File-Upload f.php cross site scripting_CVE-2025-10246

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c. This affects an unknown part of the file /f.php. This manipulation of the argument h causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10246

Source VulDB

Published Sep 11, 2025 at 05:02

Affected Product

Vendor lokibhardwaj

Product PHP-Code-For-Unlimited-File-Upload

Version 124fe96324915490c81eaf7db3234b0b4e4bab3c

Affected Versions lokibhardwaj PHP-Code-For-Unlimited-File-Upload 124fe96324915490c81eaf7db3234b0b4e4bab3c

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c. This affects an unknown part of the file /f.php. This manipulation of the argument h causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-11T05:02:07.313Z",
    "modified": "2025-09-11T05:02:07.313Z",
    "type": "cve",
    "title": "lokibhardwaj PHP-Code-For-Unlimited-File-Upload f.php cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323546\nhttps://vuldb.com/?ctiid.323546\nhttps://vuldb.com/?submit.642206",
    "id": "CVE-2025-10246",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "lokibhardwaj PHP-Code-For-Unlimited-File-Upload 124fe96324915490c81eaf7db3234b0b4e4bab3c",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PHP-Code-For-Unlimited-File-Upload",
    "version": "124fe96324915490c81eaf7db3234b0b4e4bab3c",
    "vendor": "lokibhardwaj",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}