fcba_zzm ics-park Smart Park Management System FileUploadUtils.java unrestricted upload

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-10398

Source VulDB

Published Sep 14, 2025 at 12:02

Affected Product

Vendor fcba_zzm

Product ics-park Smart Park Management System

Version 2.0

Affected Versions fcba_zzm ics-park Smart Park Management System 2.0

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited.",
    "published": "2025-09-14T12:02:07.266Z",
    "modified": "2025-09-14T12:02:07.266Z",
    "type": "cve",
    "title": "fcba_zzm ics-park Smart Park Management System FileUploadUtils.java unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323833\nhttps://vuldb.com/?ctiid.323833\nhttps://vuldb.com/?submit.646303\nhttps://github.com/Yyjccc/CVE/issues/2",
    "id": "CVE-2025-10398",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "fcba_zzm ics-park Smart Park Management System 2.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ics-park Smart Park Management System",
    "version": "2.0",
    "vendor": "fcba_zzm",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

fcba_zzm ics-park Smart Park Management System FileUploadUtils.java unrestricted upload_CVE-2025-10398