ProudMuBai GoFilm FileController.go SingleUpload unrestricted upload_CVE-2025-13949

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-13949

Source VulDB

Published Dec 3, 2025 at 14:32

Modified Dec 3, 2025 at 14:51

Affected Product

Vendor ProudMuBai

Product GoFilm

Version 1.0.0

Affected Versions ProudMuBai GoFilm 1.0.0
ProudMuBai GoFilm 1.0.1

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-03T14:32:09.694Z",
    "modified": "2025-12-03T14:51:59.543Z",
    "type": "cve",
    "title": "ProudMuBai GoFilm FileController.go SingleUpload unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.334164\nhttps://vuldb.com/?ctiid.334164\nhttps://vuldb.com/?submit.692774\nhttps://github.com/yzlala1147/cve/issues/1",
    "id": "CVE-2025-13949",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "ProudMuBai GoFilm 1.0.0\nProudMuBai GoFilm 1.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GoFilm",
    "version": "1.0.0",
    "vendor": "ProudMuBai",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}