{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-1355","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-02-15T15:29:52.761Z","datePublished":"2025-02-16T17:00:09.104Z","dateUpdated":"2025-02-19T14:08:06.770Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-02-16T17:00:09.104Z"},"title":"needyamin Library Card System Add Picture signup.php unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"Unrestricted Upload"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"needyamin","product":"Library Card System","versions":[{"version":"1.0","status":"affected"}],"modules":["Add Picture"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In needyamin Library Card System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /signup.php der Komponente Add Picture. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-02-15T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-02-15T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-02-15T16:34:59.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Maloy Roy Orko","type":"finder"},{"lang":"en","value":"MaloyRoyOrko (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.295963","name":"VDB-295963 | needyamin Library Card System Add Picture signup.php unrestricted upload","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.295963","name":"VDB-295963 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.496075","name":"Submit #496075 | Needyamin Library-Card-System 1.0 Unrestricted File Upload","tags":["third-party-advisory"]},{"url":"https://www.websecurityinsights.my.id/2025/02/library-card-system-shell-by-maloyroyorko.html","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-19T14:08:00.361375Z","id":"CVE-2025-1355","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-19T14:08:06.770Z"}}]}}