File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-616 | |
Metrics |
cvssV3_1
|
Mon, 25 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-08-26T15:29:58.501Z
Reserved: 2025-06-16T00:00:00.000Z
Link: CVE-2025-52130

Updated: 2025-08-26T15:29:49.864Z

Status : Awaiting Analysis
Published: 2025-08-25T20:15:40.700
Modified: 2025-08-26T16:15:36.943
Link: CVE-2025-52130

No data.

No data.