Description

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In needyamin Library Card System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /signup.php der Komponente Add Picture. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-1355

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.9

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products

Vendor: needyamin

Product: Library Card System

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.31% (probability of being exploited)

EPSS Percentile: 70.4% (scored less or equal to compared to others)

EPSS Date: 2025-03-17 (when was this score calculated)

References

https://vuldb.com/?id.295963
https://vuldb.com/?ctiid.295963
https://vuldb.com/?submit.496075
https://www.websecurityinsights.my.id/2025/02/library-card-system-shell-by-maloyroyorko.html

Timeline