CVE-2025-12291 | ashymuzuro Full-Ecommece-Website/Muzuro Ecommerce System up to 1.1.0 Add Product Page index.php?add_product unrestricted upload

A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System up to 1.1.0. It has been declared as critical. This affects an unknown part of the file /admin/index.php?add_product of the component Add Product Page. The manipulation results in unrestricted upload.

This vulnerability was named CVE-2025-12291. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More