File tree Expand file tree Collapse file tree 2 files changed +61
-29
lines changed
github-reviewed/2025/12/GHSA-qx44-p258-3c2v
unreviewed/2025/12/GHSA-qx44-p258-3c2v Expand file tree Collapse file tree 2 files changed +61
-29
lines changed Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.4.0"
3+ "id" : " GHSA-qx44-p258-3c2v"
4+ "modified" : " 2025-12-23T20:00:39Z"
5+ "published" : " 2025-12-23T18:30:27Z"
6+ "aliases" : [
7+ " CVE-2025-51511"
8+ ],
9+ "summary" : " Cadmium CMS has a background arbitrary file upload vulnerability"
10+ "details" : " Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads."
11+ "severity" : [
12+ {
13+ "type" : " CVSS_V4"
14+ "score" : " CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
15+ }
16+ ],
17+ "affected" : [
18+ {
19+ "package" : {
20+ "ecosystem" : " Packagist"
21+ "name" : " cadmium-org/cadmium-cms"
22+ },
23+ "ranges" : [
24+ {
25+ "type" : " ECOSYSTEM"
26+ "events" : [
27+ {
28+ "introduced" : " 0"
29+ },
30+ {
31+ "last_affected" : " 0.4.9"
32+ }
33+ ]
34+ }
35+ ]
36+ }
37+ ],
38+ "references" : [
39+ {
40+ "type" : " ADVISORY"
41+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2025-51511"
42+ },
43+ {
44+ "type" : " WEB"
45+ "url" : " https://github.com/cadmium-org/cadmium-cms/issues/23"
46+ },
47+ {
48+ "type" : " PACKAGE"
49+ "url" : " https://github.com/cadmium-org/cadmium-cms"
50+ }
51+ ],
52+ "database_specific" : {
53+ "cwe_ids" : [
54+ " CWE-434"
55+ ],
56+ "severity" : " HIGH"
57+ "github_reviewed" : true ,
58+ "github_reviewed_at" : " 2025-12-23T20:00:39Z"
59+ "nvd_published_at" : " 2025-12-23T18:15:43Z"
60+ }
61+ }
Load Diff This file was deleted.
You can’t perform that action at this time.
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments