Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
AnalysisAI
A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.
Technical ContextAI
CWE-434 (Unrestricted File Upload). CVSS 7.2 indicates high severity.
RemediationAI
Monitor vendor channels for patch availability.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18127