MaxSite CMS save-file-ajax.php unrestricted upload_CVE-2025-12347

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-12347

Source VulDB

Published Oct 28, 2025 at 02:02

Affected Product

Vendor MaxSite

Product CMS

Version 109

Affected Versions MaxSite CMS 109

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-28T02:02:13.123Z",
    "modified": "2025-10-28T02:02:13.123Z",
    "type": "cve",
    "title": "MaxSite CMS save-file-ajax.php unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.330137\nhttps://vuldb.com/?ctiid.330137\nhttps://vuldb.com/?submit.674552\nhttps://note-hxlab.wetolink.com/share/lIWZkTHQPSVh",
    "id": "CVE-2025-12347",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "MaxSite CMS 109",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CMS",
    "version": "109",
    "vendor": "MaxSite",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}