Bdtask/CodeCanyon News365 profile unrestricted upload_CVE-2025-13185

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profile_image/banner_image results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-13185

Source VulDB

Published Nov 14, 2025 at 21:02

Modified Nov 14, 2025 at 21:20

Affected Product

Vendor Bdtask

Product News365

Version 7.0.0

Affected Versions Bdtask News365 7.0.0
Bdtask News365 7.0.1
Bdtask News365 7.0.2
Bdtask News365 7.0.3
CodeCanyon News365 7.0.0
CodeCanyon News365 7.0.1
CodeCanyon News365 7.0.2
CodeCanyon News365 7.0.3

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profile_image/banner_image results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-11-14T21:02:06.306Z",
    "modified": "2025-11-14T21:20:33.280Z",
    "type": "cve",
    "title": "Bdtask/CodeCanyon News365 profile unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332473\nhttps://vuldb.com/?ctiid.332473\nhttps://vuldb.com/?submit.685028\nhttps://github.com/4m3rr0r/PoCVulDb/issues/5",
    "id": "CVE-2025-13185",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Bdtask News365 7.0.0\nBdtask News365 7.0.1\nBdtask News365 7.0.2\nBdtask News365 7.0.3\nCodeCanyon News365 7.0.0\nCodeCanyon News365 7.0.1\nCodeCanyon News365 7.0.2\nCodeCanyon News365 7.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "News365",
    "version": "7.0.0",
    "vendor": "Bdtask",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}