CVE-2025-12347 – MaxSite CMS save-file-ajax.php unrestricted upload

CVE ID : CVE-2025-12347

Published : Oct. 28, 2025, 2:02 a.m. | 42 minutes ago

Description : A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

آسیب‌پذیری‌های جدید و وصله‌های امنیتی به‌صورت مداوم منتشر می‌شوند و عدم بروزرسانی به‌موقع می‌تواند امنیت سرویس‌های حیاتی را به خطر بیندازد. خدمات مدیریت و پشتیبانی سرور آفاق هاستینگ شامل پایش امنیتی، بروزرسانی نرم‌افزارها، نصب Patchهای امنیتی و سخت‌سازی سرورها است.

خدمات مدیریت و امنیت سرور

نوشته های مشابه

CVE-2025-59872 – HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,

CVE-2026-11975 – Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface

CVE-2025-62340 – HCL iControl was affected by Inadequate Session Timeout vulnerability

CVE-2024-37496 – WordPress Metro Magazine theme