CVE-2025-13185
BaseFortify
Publication date: 2025-11-14
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bdtask | news365 | to 7.0.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in Bdtask/CodeCanyon News365 up to version 7.0.3, specifically in an unknown function within the /admin/dashboard/profile file. It involves manipulation of the profile_image/banner_image argument, which allows an attacker to upload files without restrictions. The attack can be performed remotely, and the exploit has been publicly released.
How can this vulnerability impact me? :
The vulnerability allows an attacker to upload files without restriction, which can lead to unauthorized access, data modification, or service disruption. Since the attack can be launched remotely, it increases the risk of compromise. The CVSS scores indicate low to medium severity with potential impacts on confidentiality, integrity, and availability.