CVE-2025-3123

Exploit

EPSS 0.51%
Veröffentlicht 02.04.2025 23:15:17
Zuletzt bearbeitet 28.05.2025 15:56:33
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload

A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he philosophy has always been, admin [...] bear responsibility to not install themes/plugins from untrusted sources."

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wondercms ≫ Wondercms Version3.5.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.391

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.7	1.2	3.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	5.8	6.4	6.4	AV:N/AC:L/Au:M/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/WonderCMS/wondercms/issues/330

Vendor Advisory

Exploit

Issue Tracking

https://github.com/WonderCMS/wondercms/issues/330#issue-2940381112

Vendor Advisory

Exploit

Issue Tracking

https://github.com/WonderCMS/wondercms/issues/330#issuecomment-2745347770

Vendor Advisory

Exploit

Issue Tracking

https://vuldb.com/?ctiid.303014

VDB Entry

Permissions Required

https://vuldb.com/?id.303014

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.525101

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2025-3123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3123

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-3123