Unrestricted File Upload Vulnerability in Ghostxbh Uzy-SSM-Mall
CVE-2025-3558
Key Information:
- Vendor: Ghostxbh
- Product: Uzy-ssm-mall
- CVE Published: 14 April 2025
Summary
A vulnerability has been identified in Ghostxbh's Uzy-SSM-Mall version 1.0.0, which permits unrestricted file uploads through the /mall/user/uploadUserHeadImage endpoint. This flaw allows remote attackers to upload malicious files, posing significant security risks to the application and its data integrity. Despite early warnings, the vendor failed to address this disclosure, leaving users potentially exposed to exploitation. It is crucial for users to implement appropriate security measures to mitigate these risks.
Affected Version(s)
uzy-ssm-mall 1.0.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved