CVE-2025-10116
Published
CVSS v3
7.3
HIGH
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used.
An attacker can upload files to arbitrary directories under ../media/, including hidden ones. Though execution isn't possible, this can flood directories, exhaust disk space, and degrade performance or cause denial-of-service.
GitHub