Unrestricted File Upload Vulnerability in Simple E-Document by SourceForge
CVE-2014-125126
Key Information:
- Vendor
Simple E-document
- Status
- Vendor
- CVE Published:
- 31 July 2025
Badges
What is CVE-2014-125126?
An unrestricted file upload vulnerability in Simple E-Document versions 3.0 to 3.1 allows unauthenticated users to exploit the application by sending a specific cookie header ('access=3'). This enables attackers to bypass authentication and upload malicious files, such as .php scripts, without validation. If file uploads are enabled, an attacker can use this flaw to execute arbitrary code on the server, potentially leading to complete system compromise.
Affected Version(s)
Simple E-Document 3.0 <= 3.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved