yggcwhat - Security Researcher - Exploit Intelligence Platform

CVE-2025-46078 NOMISEC MEDIUM WORKING POC

HuoCMS V3.5.1 and before - Unrestricted Upload of File with Dangerous Type

HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server

CVSS 5.3

View Code

CVE-2025-46080 NOMISEC MEDIUM WORKING POC

HuoCMS V3.5.1 - Unrestricted Upload of File with Dangerous Type via Whitelist Bypass

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.

CVSS 5.3

View Code

CVE-2025-46078 WRITEUP MEDIUM WORKING POC

HuoCMS V3.5.1 and before - Unrestricted Upload of File with Dangerous Type

HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server

CVSS 5.3

View Code

CVE-2025-46080 WRITEUP MEDIUM WRITEUP

HuoCMS V3.5.1 - Unrestricted Upload of File with Dangerous Type via Whitelist Bypass

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.

CVSS 5.3

View Code