CVE-2025-8526
Published
CVSS v3
6.3
MEDIUM
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT
Description
A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
基于Spring Boot 2.x的一站式前后端分离快速开发平台XBoot 微信小程序+Uniapp 前端:Vue+iView Admin 后端:Spring Boot 2.x/Spring Security/JWT/JPA+Mybatis-Plus/Redis/Elasticsearch/Activiti 分布式限流/同步锁/验证码/SnowFlake雪花算法ID 动态权限 数据权限 工作流 代码生成 定时任务 社交账号 短信登录 单点登录 OAuth2开放平台 客服机器人 数据大屏 暗黑模式
GitHub