CVE Details
Basic Information
| Title |
llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload |
| Type |
cve |
| Published |
2025-05-26T05:31:06.173Z |
| Last Seen |
|
Product Information
| Vendor |
llisoft |
| Product |
MTA Maita Training System |
| Version |
4.5 |
CVSS Information
| Base Score |
5.3 (MEDIUM) |
| Attack Vector |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A critical vulnerability in llisoft MTA Maita Training System 4.5 allows unrestricted file uploads via the OpenController.java file. The vulnerability is remotely exploitable and has been publicly disclosed. The vendor did not respond to the disclosure. |
| AI Severity |
High |
| Vendor |
llisoft |
| Product |
MTA Maita Training System |
| Affected Version |
4.5 |
Additional Information
| CVE List |
|
| CWE List |
CWE-434, CWE-284 |
| Bulletin Family |
|
| Source Data |
llisoft MTA Maita Training System 4.5 |
Source Information
| Source Data |
llisoft MTA Maita Training System 4.5 |
| Source Link |
|
Description
A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.download of the file com\llisoft\controller\OpenController.java. The manipulation of the argument url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
View Full CVE Details
