CVE-2025-15360 | newbee-mall-plus 2.0.0 Product Information Edit Page UploadController.java upload File unrestricted upload

Uncategorized
Yanac

A vulnerability classified as critical has been found in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload.

This vulnerability appears as CVE-2025-15360. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More