ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection_CVE-2025-15129

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2025-15129

Source VulDB

Published Dec 28, 2025 at 09:02

Affected Product

Vendor ChenJinchuang

Product Lin-CMS-TP5

Version 0.3.0

Affected Versions ChenJinchuang Lin-CMS-TP5 0.3.0
ChenJinchuang Lin-CMS-TP5 0.3.1
ChenJinchuang Lin-CMS-TP5 0.3.2
ChenJinchuang Lin-CMS-TP5 0.3.3

CWE Classification

CWE-94 CWE-74

References

{
    "lastseen": "",
    "description": "A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2025-12-28T09:02:10.127Z",
    "modified": "2025-12-28T09:02:10.127Z",
    "type": "cve",
    "title": "ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338507\nhttps://vuldb.com/?ctiid.338507\nhttps://vuldb.com/?submit.712754\nhttps://github.com/ChenJinchuang/lin-cms-tp5/issues/65",
    "id": "CVE-2025-15129",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "ChenJinchuang Lin-CMS-TP5 0.3.0\nChenJinchuang Lin-CMS-TP5 0.3.1\nChenJinchuang Lin-CMS-TP5 0.3.2\nChenJinchuang Lin-CMS-TP5 0.3.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Lin-CMS-TP5",
    "version": "0.3.0",
    "vendor": "ChenJinchuang",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}