Unrestricted File Upload in veal98 小牛肉 Echo System 4.2
CVE-2025-3566
Key Information:
- Vendor: Veal98 小牛肉
- Product: Echo 开源社区系统
- CVE Published: 14 April 2025
Summary
A security vulnerability has been identified in veal98 小牛肉 Echo System version 4.2, affecting the upload functionality in the uploadMdPic function. By manipulating the editormd-image-file parameter, unauthorized users can upload files without restrictions. The vulnerability is exploitable remotely and poses a significant risk to file security within the system. The exploit has been publicly disclosed, which adds urgency to applying mitigations.
Affected Version(s)
Echo 开源社区系统 4.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved