CVE-2025-11136 | YiFang CMS up to 2.0.2 Backend File.php webUploader uploadpath unrestricted upload

A vulnerability described as critical has been identified in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload.

This vulnerability is tracked as CVE-2025-11136. The attack can be launched remotely. Moreover, an exploit is present.VulDB Recent EntriesRead More