CVE-2025-15129

Summary

A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
ChenJinchuangLin-CMS-TP50.3.0affected
ChenJinchuangLin-CMS-TP50.3.1affected
ChenJinchuangLin-CMS-TP50.3.2affected
ChenJinchuangLin-CMS-TP50.3.3affected

Weaknesses

  • CWE-94: Code Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References