Search criteria
2 vulnerabilities by taisan
CVE-2025-1113 (GCVE-0-2025-1113)
Vulnerability from cvelistv5 – Published: 2025-02-07 21:31 – Updated: 2025-02-07 22:48
VLAI?
Title
taisan tarzan-cms Add Theme admin#themes upload deserialization
Summary
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| taisan | tarzan-cms |
Affected:
1.0
|
Credits
VulDB Gitee Analyzer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1113",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T22:48:21.184833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T22:48:37.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/taisan/tarzan-cms/issues/IBHZ0J"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Add Theme Handler"
],
"product": "tarzan-cms",
"vendor": "taisan",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB Gitee Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in taisan tarzan-cms bis 1.0.0 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion upload der Datei /admin#themes der Komponente Add Theme Handler. Durch Beeinflussen mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T21:31:09.189Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295019 | taisan tarzan-cms Add Theme admin#themes upload deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295019"
},
{
"name": "VDB-295019 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295019"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/taisan/tarzan-cms/issues/IBHZ0J"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-07T17:24:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "taisan tarzan-cms Add Theme admin#themes upload deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1113",
"datePublished": "2025-02-07T21:31:09.189Z",
"dateReserved": "2025-02-07T16:18:54.497Z",
"dateUpdated": "2025-02-07T22:48:37.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13022 (GCVE-0-2024-13022)
Vulnerability from cvelistv5 – Published: 2024-12-29 20:00 – Updated: 2024-12-30 16:09
VLAI?
Title
taisan tarzan-cms Article Management UploadController.java UploadResponse unrestricted upload
Summary
A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. This affects the function UploadResponse of the file src/main/java/com/tarzan/cms/modules/admin/controller/common/UploadController.java of the component Article Management. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| taisan | tarzan-cms |
Affected:
1.0.0
|
Credits
redpomelo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13022",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T16:09:35.808768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:09:52.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Article Management"
],
"product": "tarzan-cms",
"vendor": "taisan",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "redpomelo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. This affects the function UploadResponse of the file src/main/java/com/tarzan/cms/modules/admin/controller/common/UploadController.java of the component Article Management. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in taisan tarzan-cms 1.0.0 gefunden. Dabei betrifft es die Funktion UploadResponse der Datei src/main/java/com/tarzan/cms/modules/admin/controller/common/UploadController.java der Komponente Article Management. Mittels Manipulieren des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-29T20:00:13.083Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-289713 | taisan tarzan-cms Article Management UploadController.java UploadResponse unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.289713"
},
{
"name": "VDB-289713 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.289713"
},
{
"name": "Submit #467471 | tarzan-cms 1.0.0 Incomplete Identification of Uploaded File Variables",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.467471"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/taisan/tarzan-cms/issues/IBCUPG"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-28T17:35:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "taisan tarzan-cms Article Management UploadController.java UploadResponse unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-13022",
"datePublished": "2024-12-29T20:00:13.083Z",
"dateReserved": "2024-12-28T16:29:49.749Z",
"dateUpdated": "2024-12-30T16:09:52.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}