299Ko CMS File Management view unrestricted upload

July 28, 2025 invoker category_cve

CVE Details

Basic Information

Title	299Ko CMS File Management view unrestricted upload
Type	cve
Published	2025-07-28T08:02:05.608Z
Modified	2025-07-28T08:02:05.608Z

Product Information

Vendor	299Ko
Product	CMS
Version	2.0.0

CVSS Information

Base Score	5.1 (MEDIUM)
Attack Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected Products

299Ko CMS 2.0.0

Additional Information

CWE List	CWE-434, CWE-284
Source	VulDB

Description

A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://vuldb.com/?id.317853
https://vuldb.com/?ctiid.317853
https://vuldb.com/?submit.617651
https://github.com/loopholesgenius/cve/blob/main/There%20is%20a%20file%20management%20section%20in%20the%20background%20management%20(1).pdf

View Full CVE Details