Dorbycms
CVE-2025-14532
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution.
This issue was fixed in versions above 5.0.
AnalysisAI
DobryCMS has an unauthenticated file upload vulnerability allowing remote attackers to upload and execute arbitrary files on the web server.
Technical ContextAI
DobryCMS has a CWE-434 unrestricted file upload vulnerability that allows unauthenticated remote attackers to upload files of any type.
RemediationAI
Implement authentication and file type validation on all upload endpoints.
Share
External POC / Exploit Code
Leaving vuln.today