CVE-2025-5243

Summary

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion.

This issue affects Information Portal: before 13.06.2025.

Affected Software

VendorProductVersion RangeStatus
SMG SoftwareInformation Portal0 < 13.06.2025affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References