CVE-2025-52353
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-09-09
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uatech | badaso | 2.9.11 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Badaso CMS 2.9.11 allows authenticated users to upload files containing embedded PHP code through the Media Manager's file-upload endpoint. The system fails to properly validate the content type, enabling attackers to upload malicious files. When these files are accessed via their URL, the server executes the embedded PHP code, allowing the attacker to run arbitrary system commands and potentially take full control of the underlying host.
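A defender-side triage check for the condition described above, as an added example that is not Badaso's code or part of the original record: it flags stored media files whose name, magic bytes or content point to embedded PHP. The image allow-list, the extension pattern and the sample files are assumptions constructed for illustration.

```python
import re

# Assumption: the media library should only ever hold these image types.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
# Extensions a PHP handler mapping may execute, anywhere in the name (assumed list).
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.I)
# PHP open tags: "<?php" and the short echo tag "<?=".
PHP_TAG = re.compile(rb"<\?(php|=)", re.I)


def audit_upload(filename: str, data: bytes) -> list[str]:
    """Return the reasons a stored upload should be quarantined (empty = clean)."""
    findings = []
    name = filename.lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if EXEC_EXT.search(name):
        findings.append("executable-extension")
    if ext not in MAGIC:
        findings.append("extension-not-allowed")
    elif not data.startswith(MAGIC[ext]):
        # Declared type and actual content disagree.
        findings.append("magic-mismatch")
    if PHP_TAG.search(data):
        findings.append("embedded-php-tag")
    return findings


def audit_all(samples: dict[str, bytes]) -> dict[str, list[str]]:
    return {name: audit_upload(name, data) for name, data in samples.items()}


# Constructed sample inputs (not real uploads).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLES = {
    "logo.png": PNG,
    "banner.png": PNG + b"<?php /* constructed marker */ ?>",
    "avatar.php.png": PNG,
    "notes.phtml": b"<?= 'constructed' ?>",
    "photo.jpg": b"GIF89a" + b"\x00" * 8,
}

if __name__ == "__main__":
    for name, reasons in audit_all(SAMPLES).items():
        print(f"{name:16} {'QUARANTINE: ' + ', '.join(reasons) if reasons else 'ok'}")
```

A short-tag hit (`<?=`) inside compressed image data can be coincidental, so treat that finding as a prompt for review; the durable mitigation is serving the upload directory without a PHP handler.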
How can this vulnerability impact me?
An attacker exploiting this vulnerability can execute arbitrary code on the server hosting Badaso CMS, leading to full compromise of the system. This can result in unauthorized access, data theft, data manipulation, service disruption, or using the compromised server as a launch point for further attacks.