Security Advisory

CVE-2025-2671

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-23 22:00:09

Last updated 2025-03-24 15:59:22

Assigner VulDB

State PUBLISHED

Description

A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

← Browse all CVEs View on cve.org ↗