CVE-2025-3969

MEDIUM

Codeprojects News Publishing Site Dashboard 1.0 - Unrestricted Upload

Title source: llm

Description

A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-category.php of the component Edit Category Page. The manipulation of the argument category_image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC 2 stars

by Stuub · poc

https://github.com/Stuub/CVE-2025-3969-Exploit

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.306305

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.306305

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.557287

[Exploit, Third Party Advisory] https://github.com/zzZxby/Vulnerability-Exploration/blob/main/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A12.md

Scores

CVSS v3 6.3

EPSS 0.0037

EPSS Percentile 59.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284 CWE-434

Status published

Products (1)

code-projects/news_publishing_site_dashboard 1.0

Published Apr 27, 2025

Tracked Since Feb 18, 2026