Unrestricted File Upload Vulnerability in UkrSolution Barcode Scanner and Inventory Manager
CVE-2025-22723

9.1CRITICAL

Key Information:

Vendor: Ukrsolution
Status: Barcode Scanner With Inventory & Order Manager
Vendor: CVE Published:; 21 January 2025

Summary

The UkrSolution Barcode Scanner with Inventory & Order Manager is susceptible to an unrestricted upload vulnerability that permits attackers to upload malicious files, specifically web shells, onto the web server. This flaw exists in versions ranging from n/a up to 1.6.7, potentially allowing unauthorized access and control over the affected systems. Organizations using this product should prioritize immediate updates and patches to mitigate associated risks.

Affected Version(s)

Barcode Scanner with Inventory & Order Manager <= 1.6.7

References

https://patchstack.com/database/wordpress/plugin/barcode-...

vdb-entry

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

l8BL (Patchstack Alliance)