zhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted upload_CVE-2025-11320

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Basic Information

ID CVE-2025-11320

Source VulDB

Published Oct 6, 2025 at 04:32

Affected Product

Vendor zhuimengshaonian

Product wisdom-education

Version 1.0.0

Affected Versions zhuimengshaonian wisdom-education 1.0.0
zhuimengshaonian wisdom-education 1.0.1
zhuimengshaonian wisdom-education 1.0.2
zhuimengshaonian wisdom-education 1.0.3
zhuimengshaonian wisdom-education 1.0.4

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2025-10-06T04:32:06.583Z",
    "modified": "2025-10-06T04:32:06.583Z",
    "type": "cve",
    "title": "zhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327201\nhttps://vuldb.com/?ctiid.327201\nhttps://vuldb.com/?submit.664392\nhttps://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md\nhttps://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md#vulnerability-reproduction",
    "id": "CVE-2025-11320",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "zhuimengshaonian wisdom-education 1.0.0\nzhuimengshaonian wisdom-education 1.0.1\nzhuimengshaonian wisdom-education 1.0.2\nzhuimengshaonian wisdom-education 1.0.3\nzhuimengshaonian wisdom-education 1.0.4",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "wisdom-education",
    "version": "1.0.0",
    "vendor": "zhuimengshaonian",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}