CVE-2025-29866
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-08-07
Assigner: KrCERT/CC
Description
Description
: External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows : Parameter Injection.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| x-free_uploader | x-free_uploader | 2.0.1.0034 |
| x-free_uploader | x-free_uploader | 1.0.1.0084 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an External Control of File Name or Path issue in TAGFREE X-Free Uploader XFU. It allows parameter injection, meaning an attacker can manipulate file names or paths externally, potentially leading to unauthorized file access or manipulation.
How can this vulnerability impact me? :
The vulnerability can allow attackers to inject parameters that control file names or paths, which may lead to unauthorized access, modification, or overwriting of files. This can compromise system integrity, confidentiality, and availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70