6.5
CVE-2025-5873
- EPSS 0.26%
- Veröffentlicht 09.06.2025 10:31:04
- Zuletzt bearbeitet 29.04.2026 01:00:01
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
eCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted upload
A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. Affected by this issue is some unknown functionality of the file /firmware.php of the component Web UI. Performing a manipulation of the argument media results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellereCharge Hardy Barth
≫
Produkt
Salia PLCC
Version
2.3.0
Status
affected
Version
2.3.1
Status
affected
Version
2.3.2
Status
affected
Version
2.3.3
Status
affected
Version
2.3.4
Status
affected
Version
2.3.5
Status
affected
Version
2.3.6
Status
affected
Version
2.3.7
Status
affected
Version
2.3.8
Status
affected
Version
2.3.9
Status
affected
Version
2.3.10
Status
affected
Version
2.3.11
Status
affected
Version
2.3.12
Status
affected
Version
2.3.13
Status
affected
Version
2.3.14
Status
affected
Version
2.3.15
Status
affected
Version
2.3.16
Status
affected
Version
2.3.17
Status
affected
Version
2.3.18
Status
affected
Version
2.3.19
Status
affected
Version
2.3.20
Status
affected
Version
2.3.21
Status
affected
Version
2.3.22
Status
affected
Version
2.3.23
Status
affected
Version
2.3.24
Status
affected
Version
2.3.25
Status
affected
Version
2.3.26
Status
affected
Version
2.3.27
Status
affected
Version
2.3.28
Status
affected
Version
2.3.29
Status
affected
Version
2.3.30
Status
affected
Version
2.3.31
Status
affected
Version
2.3.32
Status
affected
Version
2.3.33
Status
affected
Version
2.3.34
Status
affected
Version
2.3.35
Status
affected
Version
2.3.36
Status
affected
Version
2.3.37
Status
affected
Version
2.3.38
Status
affected
Version
2.3.39
Status
affected
Version
2.3.40
Status
affected
Version
2.3.41
Status
affected
Version
2.3.42
Status
affected
Version
2.3.43
Status
affected
Version
2.3.44
Status
affected
Version
2.3.45
Status
affected
Version
2.3.46
Status
affected
Version
2.3.47
Status
affected
Version
2.3.48
Status
affected
Version
2.3.49
Status
affected
Version
2.3.50
Status
affected
Version
2.3.51
Status
affected
Version
2.3.52
Status
affected
Version
2.3.53
Status
affected
Version
2.3.54
Status
affected
Version
2.3.55
Status
affected
Version
2.3.56
Status
affected
Version
2.3.57
Status
affected
Version
2.3.58
Status
affected
Version
2.3.59
Status
affected
Version
2.3.60
Status
affected
Version
2.3.61
Status
affected
Version
2.3.62
Status
affected
Version
2.3.63
Status
affected
Version
2.3.64
Status
affected
Version
2.3.65
Status
affected
Version
2.3.66
Status
affected
Version
2.3.67
Status
affected
Version
2.3.68
Status
affected
Version
2.3.69
Status
affected
Version
2.3.70
Status
affected
Version
2.3.71
Status
affected
Version
2.3.72
Status
affected
Version
2.3.73
Status
affected
Version
2.3.74
Status
affected
Version
2.3.75
Status
affected
Version
2.3.76
Status
affected
Version
2.3.77
Status
affected
Version
2.3.78
Status
affected
Version
2.3.79
Status
affected
Version
2.3.80
Status
affected
Version
2.3.81
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.174 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 2.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://vuldb.com/?id.311632
https://vuldb.com/?ctiid.311632
https://vuldb.com/?submit.585733
https://github.com/YZS17/CVE/blob/main/Salia_PLCC/Salia_PLCC_Slave_v2.2.0_File_Upload.md