V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2025-0346
CVE
Medium

A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part …

CVSS
5.1
Medium
EPSS
0.01
p40
Published
2025-01-01
Updated
2025-01-01
Description

A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Tags · CWE
CWE-284
CAPEC-19
CAPEC-441
CAPEC-478
CAPEC-479
CAPEC-502
CAPEC-503
CAPEC-536
CAPEC-546
CAPEC-550
CAPEC-551
CAPEC-552
CAPEC-556
CAPEC-558
CAPEC-562
CAPEC-563
CAPEC-564
CAPEC-578
Affected products
Content_management_system
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Timeline
2025-01-01
Published
2025-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Attack Requirements
AT: N
None
Privileges Required
PR: H
High (H)
User Interaction
UI: N
None (N)
Vulnerable System Confidentiality
VC: L
Low (L)
Vulnerable System Integrity
VI: L
Low (L)
Vulnerable System Availability
VA: L
Low (L)
Subsequent System Confidentiality
SC: N
None (N)
Subsequent System Integrity
SI: N
None (N)
Subsequent System Availability
SA: N
None (N)
Exploit Code Maturity
E: X
Not Defined
Confidentiality Requirement
CR: X
Not Defined
Integrity Requirement
IR: X
Not Defined
Availability Requirement
AR: X
Not Defined
Modified Attack Vector
MAV: X
Not Defined
Modified Attack Complexity
MAC: X
Not Defined
Modified Attack Requirements
MAT: X
Not Defined
Modified Privileges Required
MPR: X
Not Defined
Modified User Interaction
MUI: X
Not Defined
Modified Vulnerable System Confidentiality
MVC: X
Not Defined
Modified Vulnerable System Integrity
MVI: X
Not Defined
Modified Vulnerable System Availability
MVA: X
Not Defined
Modified Subsequent System Confidentiality
MSC: X
Not Defined
Modified Subsequent System Integrity
MSI: X
Not Defined
Modified Subsequent System Availability
MSA: X
Not Defined
s
S: X
X
au
AU: X
X
r
R: X
X
v
V: X
X
re
RE: X
X
u
U: X
X
Exploit indicators
EPSS
0.005 · p40
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-552 · CWE-284
└ via CAPEC-19 · CWE-284
└ via CAPEC-564 · CWE-284
└ via CAPEC-562 · CWE-284
└ via CAPEC-558 · CWE-284
└ via CAPEC-552 · CWE-284
└ via CAPEC-550 · CWE-284
└ via CAPEC-564 · CWE-284
└ via CAPEC-478 · CWE-284
└ via CAPEC-564 · CWE-284
└ via CAPEC-556 · CWE-284
└ via CAPEC-19 · CWE-284
└ via CAPEC-558 · CWE-284
└ via CAPEC-19 · CWE-284
└ via CAPEC-564 · CWE-284
└ via CAPEC-552 · CWE-284
└ via CAPEC-479 · CWE-284
└ via CAPEC-578 · CWE-284
└ via CAPEC-478 · CWE-284
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Code Projects
Content Management System
ProductVendorStatus
content_management_system*Tracked
Source databases
CVE