Skip to main content

Xcms

1 CVEs product

Monthly

CVE-2025-15110 LOW POC Monitor

Unrestricted file upload in jackq XCMS allows high-privilege authenticated users to upload arbitrary files via the ProductImageController component, with publicly available exploit code disclosed. Despite a CVSS score of 2.0 reflecting the high authentication requirement (PR:H), the vulnerability enables authenticated administrators to bypass intended upload restrictions and potentially achieve remote code execution by uploading malicious files. The vendor has been informed via public issue report but has not yet responded with a fix.

PHP Authentication Bypass File Upload Xcms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
EPSS 0% CVSS 2.0
LOW POC Monitor

Unrestricted file upload in jackq XCMS allows high-privilege authenticated users to upload arbitrary files via the ProductImageController component, with publicly available exploit code disclosed. Despite a CVSS score of 2.0 reflecting the high authentication requirement (PR:H), the vulnerability enables authenticated administrators to bypass intended upload restrictions and potentially achieve remote code execution by uploading malicious files. The vendor has been informed via public issue report but has not yet responded with a fix.

PHP Authentication Bypass File Upload +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy