CVE-2025-11136
BaseFortify
Publication date: 2025-09-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wanglongcn | yifang | to 2.0.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11136 is a vulnerability in YiFang CMS up to version 2.0.2, specifically in the webUploader function of the Backend component. It allows an attacker who has authenticated access to manipulate the uploadpath argument to perform unrestricted file uploads. This means an attacker can upload malicious files, such as webshells, to the server, potentially leading to remote code execution. The vulnerability is remotely exploitable and has a publicly available proof-of-concept exploit. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to upload arbitrary files to your server, including malicious scripts or webshells. Once uploaded, these files can be used to execute arbitrary code remotely, potentially leading to full server compromise. This affects the confidentiality, integrity, and availability of your system, as attackers may gain unauthorized access, modify data, or disrupt services. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for the presence of the vulnerable endpoint in your YiFang CMS installation, specifically the file path `app/app/controller/File.php` with the `webUploader` function. You can use Google dorking with queries like `inurl:app/app/controller/File.php` to identify potentially vulnerable targets. On your system, monitoring for unusual file upload activity or attempts to manipulate the `uploadpath` parameter in requests to this endpoint may indicate exploitation attempts. Since the exploit requires authentication, reviewing logs for authenticated users performing suspicious uploads is recommended. Specific commands to detect this might include using curl or wget to test the upload endpoint with crafted parameters after authentication, or using web application scanners that can test for unrestricted file upload vulnerabilities. However, no exact detection commands are provided in the resources. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling the vulnerable `webUploader` functionality in the YiFang CMS if possible. Since no known countermeasures or patches have been published, it is suggested to replace the affected product with an alternative CMS. Additionally, restricting access to the upload interface to trusted users only, monitoring for suspicious upload activity, and applying strict validation and sanitization on file uploads can help reduce risk. Applying network-level protections such as web application firewalls (WAF) to block malicious upload attempts may also help. Ultimately, upgrading to a fixed version or switching to a different CMS is recommended once available. [1]