{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-7939","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-07-21T07:13:54.228Z","datePublished":"2025-07-21T20:32:05.579Z","dateUpdated":"2025-07-22T16:05:12.575Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-07-21T20:32:05.579Z"},"title":"jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"Unrestricted Upload"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"jerryshensjf","product":"JPACookieShop 蛋糕商城JPA版","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 ausgemacht. Hiervon betroffen ist die Funktion addGoods der Datei GoodsController.java. Dank Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-07-21T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-07-21T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-07-21T09:19:01.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"HJAQiang (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.317076","name":"VDB-317076 | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.317076","name":"VDB-317076 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.618986","name":"Submit #618986 | Gitee 蛋糕商城JPA版 1.0 Unrestricted Upload","tags":["third-party-advisory"]},{"url":"https://github.com/Bemcliu/cve-reports/blob/main/cve-03-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Arbitrary%20File%20Upload/readme.md","tags":["related"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-22T16:05:04.619964Z","id":"CVE-2025-7939","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-22T16:05:12.575Z"}}]}}