A vulnerability classified as critical was found in 1902756969 reggie 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-1649 A vulnerability classified as critical was found in 1902756969 reggie 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 21 Oct 2025 11:45:00 +0000

Type Values Removed Values Added
First Time appeared 1902756969
1902756969 reggie
CPEs cpe:2.3:a:1902756969:reggie:1.0:*:*:*:*:*:*:*
Vendors & Products 1902756969
1902756969 reggie

Mon, 13 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 12 Jan 2025 23:45:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical was found in 1902756969 reggie 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title 1902756969 reggie CommonController.java upload unrestricted upload
Weaknesses CWE-284
CWE-434
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-01-13T15:09:36.205Z

Reserved: 2025-01-12T09:51:21.401Z

Link: CVE-2025-0402

cve-icon Vulnrichment

Updated: 2025-01-13T15:09:31.918Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-13T00:15:07.707

Modified: 2025-10-21T11:43:03.437

Link: CVE-2025-0402

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.