CVE-2025-13574

medium

Description

A weakness has been identified in code-projects Online Bidding System 1.0. It affects the function categoryadd of the file /administrator/addcategory.php. Manipulating the argument catimage results in unrestricted upload. The attack can be carried out remotely. The exploit has been made publicly available and could be used.

References

https://vuldb.com/?submit.698718

https://vuldb.com/?submit.698717

https://vuldb.com/?id.333338

https://vuldb.com/?ctiid.333338

https://github.com/Yohane-Mashiro/cve/blob/main/upload%201.md

https://code-projects.org/

Details

Source: Mitre, NVD

Published: 2025-11-24

Updated: 2025-11-25

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00042