{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-8859","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-08-11T09:36:24.185Z","datePublished":"2025-08-11T14:32:05.712Z","dateUpdated":"2025-08-11T17:29:25.268Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-08-11T14:32:05.712Z"},"title":"code-projects eBlog Site File Upload save-slider.php unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"Unrestricted Upload"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"code-projects","product":"eBlog Site","versions":[{"version":"1.0","status":"affected"}],"modules":["File Upload Module"]}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Hierbei betrifft es unbekannten Programmcode der Datei /native/admin/save-slider.php der Komponente File Upload Module. Durch die Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-08-11T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-08-11T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-08-11T11:41:29.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"unjoke (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.319399","name":"VDB-319399 | code-projects eBlog Site File Upload save-slider.php unrestricted upload","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.319399","name":"VDB-319399 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.628112","name":"Submit #628112 | code-projects Project Source: 1.0 Unrestricted Upload","tags":["third-party-advisory"]},{"url":"https://github.com/unjoke/newvul/issues/1","tags":["exploit","issue-tracking"]},{"url":"https://code-projects.org/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-11T15:13:44.950941Z","id":"CVE-2025-8859","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-11T17:29:25.268Z"}}]}}