7.5
CVE-2025-10371
- EPSS 0.33%
- Veröffentlicht 13.09.2025 17:32:06
- Zuletzt bearbeitet 29.04.2026 01:00:01
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
eCharge Hardy Barth Salia PLCC api.php unrestricted upload
A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellereCharge Hardy Barth
≫
Produkt
Salia PLCC
Version
2.3.0
Status
affected
Version
2.3.1
Status
affected
Version
2.3.2
Status
affected
Version
2.3.3
Status
affected
Version
2.3.4
Status
affected
Version
2.3.5
Status
affected
Version
2.3.6
Status
affected
Version
2.3.7
Status
affected
Version
2.3.8
Status
affected
Version
2.3.9
Status
affected
Version
2.3.10
Status
affected
Version
2.3.11
Status
affected
Version
2.3.12
Status
affected
Version
2.3.13
Status
affected
Version
2.3.14
Status
affected
Version
2.3.15
Status
affected
Version
2.3.16
Status
affected
Version
2.3.17
Status
affected
Version
2.3.18
Status
affected
Version
2.3.19
Status
affected
Version
2.3.20
Status
affected
Version
2.3.21
Status
affected
Version
2.3.22
Status
affected
Version
2.3.23
Status
affected
Version
2.3.24
Status
affected
Version
2.3.25
Status
affected
Version
2.3.26
Status
affected
Version
2.3.27
Status
affected
Version
2.3.28
Status
affected
Version
2.3.29
Status
affected
Version
2.3.30
Status
affected
Version
2.3.31
Status
affected
Version
2.3.32
Status
affected
Version
2.3.33
Status
affected
Version
2.3.34
Status
affected
Version
2.3.35
Status
affected
Version
2.3.36
Status
affected
Version
2.3.37
Status
affected
Version
2.3.38
Status
affected
Version
2.3.39
Status
affected
Version
2.3.40
Status
affected
Version
2.3.41
Status
affected
Version
2.3.42
Status
affected
Version
2.3.43
Status
affected
Version
2.3.44
Status
affected
Version
2.3.45
Status
affected
Version
2.3.46
Status
affected
Version
2.3.47
Status
affected
Version
2.3.48
Status
affected
Version
2.3.49
Status
affected
Version
2.3.50
Status
affected
Version
2.3.51
Status
affected
Version
2.3.52
Status
affected
Version
2.3.53
Status
affected
Version
2.3.54
Status
affected
Version
2.3.55
Status
affected
Version
2.3.56
Status
affected
Version
2.3.57
Status
affected
Version
2.3.58
Status
affected
Version
2.3.59
Status
affected
Version
2.3.60
Status
affected
Version
2.3.61
Status
affected
Version
2.3.62
Status
affected
Version
2.3.63
Status
affected
Version
2.3.64
Status
affected
Version
2.3.65
Status
affected
Version
2.3.66
Status
affected
Version
2.3.67
Status
affected
Version
2.3.68
Status
affected
Version
2.3.69
Status
affected
Version
2.3.70
Status
affected
Version
2.3.71
Status
affected
Version
2.3.72
Status
affected
Version
2.3.73
Status
affected
Version
2.3.74
Status
affected
Version
2.3.75
Status
affected
Version
2.3.76
Status
affected
Version
2.3.77
Status
affected
Version
2.3.78
Status
affected
Version
2.3.79
Status
affected
Version
2.3.80
Status
affected
Version
2.3.81
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.246 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 5.5 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://vuldb.com/?id.323779
https://vuldb.com/?ctiid.323779
https://vuldb.com/?submit.643535
https://github.com/YZS17/CVE/blob/main/Salia_PLCC/file-write-api.php.md
https://github.com/YZS17/CVE/blob/main/Salia_PLCC/file-write-api.php.md#poc