CVE-2025-15152

MEDIUM

h-moses moga-mall <392d631a5ef15962a9bddeeb9f1269b9085473fa - Unres...

Title source: llm
STIX 2.1

Description

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upload. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

References (4)

Scores

CVSS v3 6.3
EPSS 0.0006
EPSS Percentile 20.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-284 CWE-434
Status published
Products (1)
h-moses/moga-mall 392d631a5ef15962a9bddeeb9f1269b9085473fa
Published Dec 28, 2025
Tracked Since Feb 18, 2026