CVE-2025-10371 (GCVE-0-2025-10371)
Vulnerability from cvelistv5 – Published: 2025-09-13 17:32 – Updated: 2026-01-09 00:12
VLAI?
Title
eCharge Hardy Barth Salia PLCC api.php unrestricted upload
Summary
A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| eCharge Hardy Barth | Salia PLCC |
Affected:
2.3.0
Affected: 2.3.1 Affected: 2.3.2 Affected: 2.3.3 Affected: 2.3.4 Affected: 2.3.5 Affected: 2.3.6 Affected: 2.3.7 Affected: 2.3.8 Affected: 2.3.9 Affected: 2.3.10 Affected: 2.3.11 Affected: 2.3.12 Affected: 2.3.13 Affected: 2.3.14 Affected: 2.3.15 Affected: 2.3.16 Affected: 2.3.17 Affected: 2.3.18 Affected: 2.3.19 Affected: 2.3.20 Affected: 2.3.21 Affected: 2.3.22 Affected: 2.3.23 Affected: 2.3.24 Affected: 2.3.25 Affected: 2.3.26 Affected: 2.3.27 Affected: 2.3.28 Affected: 2.3.29 Affected: 2.3.30 Affected: 2.3.31 Affected: 2.3.32 Affected: 2.3.33 Affected: 2.3.34 Affected: 2.3.35 Affected: 2.3.36 Affected: 2.3.37 Affected: 2.3.38 Affected: 2.3.39 Affected: 2.3.40 Affected: 2.3.41 Affected: 2.3.42 Affected: 2.3.43 Affected: 2.3.44 Affected: 2.3.45 Affected: 2.3.46 Affected: 2.3.47 Affected: 2.3.48 Affected: 2.3.49 Affected: 2.3.50 Affected: 2.3.51 Affected: 2.3.52 Affected: 2.3.53 Affected: 2.3.54 Affected: 2.3.55 Affected: 2.3.56 Affected: 2.3.57 Affected: 2.3.58 Affected: 2.3.59 Affected: 2.3.60 Affected: 2.3.61 Affected: 2.3.62 Affected: 2.3.63 Affected: 2.3.64 Affected: 2.3.65 Affected: 2.3.66 Affected: 2.3.67 Affected: 2.3.68 Affected: 2.3.69 Affected: 2.3.70 Affected: 2.3.71 Affected: 2.3.72 Affected: 2.3.73 Affected: 2.3.74 Affected: 2.3.75 Affected: 2.3.76 Affected: 2.3.77 Affected: 2.3.78 Affected: 2.3.79 Affected: 2.3.80 Affected: 2.3.81 |
Credits
XU-17 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10371",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T15:39:44.052956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T15:39:52.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Salia PLCC",
"vendor": "eCharge Hardy Barth",
"versions": [
{
"status": "affected",
"version": "2.3.0"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.3.4"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.3.6"
},
{
"status": "affected",
"version": "2.3.7"
},
{
"status": "affected",
"version": "2.3.8"
},
{
"status": "affected",
"version": "2.3.9"
},
{
"status": "affected",
"version": "2.3.10"
},
{
"status": "affected",
"version": "2.3.11"
},
{
"status": "affected",
"version": "2.3.12"
},
{
"status": "affected",
"version": "2.3.13"
},
{
"status": "affected",
"version": "2.3.14"
},
{
"status": "affected",
"version": "2.3.15"
},
{
"status": "affected",
"version": "2.3.16"
},
{
"status": "affected",
"version": "2.3.17"
},
{
"status": "affected",
"version": "2.3.18"
},
{
"status": "affected",
"version": "2.3.19"
},
{
"status": "affected",
"version": "2.3.20"
},
{
"status": "affected",
"version": "2.3.21"
},
{
"status": "affected",
"version": "2.3.22"
},
{
"status": "affected",
"version": "2.3.23"
},
{
"status": "affected",
"version": "2.3.24"
},
{
"status": "affected",
"version": "2.3.25"
},
{
"status": "affected",
"version": "2.3.26"
},
{
"status": "affected",
"version": "2.3.27"
},
{
"status": "affected",
"version": "2.3.28"
},
{
"status": "affected",
"version": "2.3.29"
},
{
"status": "affected",
"version": "2.3.30"
},
{
"status": "affected",
"version": "2.3.31"
},
{
"status": "affected",
"version": "2.3.32"
},
{
"status": "affected",
"version": "2.3.33"
},
{
"status": "affected",
"version": "2.3.34"
},
{
"status": "affected",
"version": "2.3.35"
},
{
"status": "affected",
"version": "2.3.36"
},
{
"status": "affected",
"version": "2.3.37"
},
{
"status": "affected",
"version": "2.3.38"
},
{
"status": "affected",
"version": "2.3.39"
},
{
"status": "affected",
"version": "2.3.40"
},
{
"status": "affected",
"version": "2.3.41"
},
{
"status": "affected",
"version": "2.3.42"
},
{
"status": "affected",
"version": "2.3.43"
},
{
"status": "affected",
"version": "2.3.44"
},
{
"status": "affected",
"version": "2.3.45"
},
{
"status": "affected",
"version": "2.3.46"
},
{
"status": "affected",
"version": "2.3.47"
},
{
"status": "affected",
"version": "2.3.48"
},
{
"status": "affected",
"version": "2.3.49"
},
{
"status": "affected",
"version": "2.3.50"
},
{
"status": "affected",
"version": "2.3.51"
},
{
"status": "affected",
"version": "2.3.52"
},
{
"status": "affected",
"version": "2.3.53"
},
{
"status": "affected",
"version": "2.3.54"
},
{
"status": "affected",
"version": "2.3.55"
},
{
"status": "affected",
"version": "2.3.56"
},
{
"status": "affected",
"version": "2.3.57"
},
{
"status": "affected",
"version": "2.3.58"
},
{
"status": "affected",
"version": "2.3.59"
},
{
"status": "affected",
"version": "2.3.60"
},
{
"status": "affected",
"version": "2.3.61"
},
{
"status": "affected",
"version": "2.3.62"
},
{
"status": "affected",
"version": "2.3.63"
},
{
"status": "affected",
"version": "2.3.64"
},
{
"status": "affected",
"version": "2.3.65"
},
{
"status": "affected",
"version": "2.3.66"
},
{
"status": "affected",
"version": "2.3.67"
},
{
"status": "affected",
"version": "2.3.68"
},
{
"status": "affected",
"version": "2.3.69"
},
{
"status": "affected",
"version": "2.3.70"
},
{
"status": "affected",
"version": "2.3.71"
},
{
"status": "affected",
"version": "2.3.72"
},
{
"status": "affected",
"version": "2.3.73"
},
{
"status": "affected",
"version": "2.3.74"
},
{
"status": "affected",
"version": "2.3.75"
},
{
"status": "affected",
"version": "2.3.76"
},
{
"status": "affected",
"version": "2.3.77"
},
{
"status": "affected",
"version": "2.3.78"
},
{
"status": "affected",
"version": "2.3.79"
},
{
"status": "affected",
"version": "2.3.80"
},
{
"status": "affected",
"version": "2.3.81"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU-17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T00:12:33.151Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323779 | eCharge Hardy Barth Salia PLCC api.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323779"
},
{
"name": "VDB-323779 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323779"
},
{
"name": "Submit #643535 | echarge Salia PLCC 2.2.0 Unauthorized File-Write",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.643535"
},
{
"tags": [
"related"
],
"url": "https://github.com/YZS17/CVE/blob/main/Salia_PLCC/file-write-api.php.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/Salia_PLCC/file-write-api.php.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-09T01:16:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "eCharge Hardy Barth Salia PLCC api.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10371",
"datePublished": "2025-09-13T17:32:06.472Z",
"dateReserved": "2025-09-12T14:04:45.082Z",
"dateUpdated": "2026-01-09T00:12:33.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-10371\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-09-13T18:15:31.717\",\"lastModified\":\"2026-01-09T01:15:42.407\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"references\":[{\"url\":\"https://github.com/YZS17/CVE/blob/main/Salia_PLCC/file-write-api.php.md\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/YZS17/CVE/blob/main/Salia_PLCC/file-write-api.php.md#poc\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.323779\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.323779\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.643535\",\"source\":\"cna@vuldb.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-10371\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-15T15:39:44.052956Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-15T15:39:48.248Z\"}}], \"cna\": {\"title\": \"eCharge Hardy Barth Salia PLCC api.php unrestricted upload\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"XU-17 (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 7.5, \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"vendor\": \"eCharge Hardy Barth\", \"product\": \"Salia PLCC\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.3.0\"}, {\"status\": \"affected\", \"version\": \"2.3.1\"}, {\"status\": \"affected\", \"version\": \"2.3.2\"}, {\"status\": \"affected\", \"version\": \"2.3.3\"}, {\"status\": \"affected\", \"version\": \"2.3.4\"}, {\"status\": \"affected\", \"version\": \"2.3.5\"}, {\"status\": \"affected\", \"version\": \"2.3.6\"}, {\"status\": \"affected\", \"version\": \"2.3.7\"}, {\"status\": \"affected\", \"version\": \"2.3.8\"}, {\"status\": \"affected\", \"version\": \"2.3.9\"}, {\"status\": \"affected\", \"version\": \"2.3.10\"}, {\"status\": \"affected\", \"version\": \"2.3.11\"}, {\"status\": \"affected\", \"version\": \"2.3.12\"}, {\"status\": \"affected\", \"version\": \"2.3.13\"}, {\"status\": \"affected\", \"version\": \"2.3.14\"}, {\"status\": \"affected\", \"version\": \"2.3.15\"}, {\"status\": \"affected\", \"version\": \"2.3.16\"}, {\"status\": \"affected\", \"version\": \"2.3.17\"}, {\"status\": \"affected\", \"version\": \"2.3.18\"}, {\"status\": \"affected\", \"version\": \"2.3.19\"}, {\"status\": \"affected\", \"version\": \"2.3.20\"}, {\"status\": \"affected\", \"version\": \"2.3.21\"}, {\"status\": \"affected\", \"version\": \"2.3.22\"}, {\"status\": \"affected\", \"version\": \"2.3.23\"}, {\"status\": \"affected\", \"version\": \"2.3.24\"}, {\"status\": \"affected\", \"version\": \"2.3.25\"}, {\"status\": \"affected\", \"version\": \"2.3.26\"}, {\"status\": \"affected\", \"version\": \"2.3.27\"}, {\"status\": \"affected\", \"version\": \"2.3.28\"}, {\"status\": \"affected\", \"version\": \"2.3.29\"}, {\"status\": \"affected\", \"version\": \"2.3.30\"}, {\"status\": \"affected\", \"version\": \"2.3.31\"}, {\"status\": \"affected\", \"version\": \"2.3.32\"}, {\"status\": \"affected\", \"version\": \"2.3.33\"}, {\"status\": \"affected\", \"version\": \"2.3.34\"}, {\"status\": \"affected\", \"version\": \"2.3.35\"}, {\"status\": \"affected\", \"version\": \"2.3.36\"}, {\"status\": \"affected\", \"version\": \"2.3.37\"}, {\"status\": \"affected\", \"version\": \"2.3.38\"}, {\"status\": \"affected\", \"version\": \"2.3.39\"}, {\"status\": \"affected\", \"version\": \"2.3.40\"}, {\"status\": \"affected\", \"version\": \"2.3.41\"}, {\"status\": \"affected\", \"version\": \"2.3.42\"}, {\"status\": \"affected\", \"version\": \"2.3.43\"}, {\"status\": \"affected\", \"version\": \"2.3.44\"}, {\"status\": \"affected\", \"version\": \"2.3.45\"}, {\"status\": \"affected\", \"version\": \"2.3.46\"}, {\"status\": \"affected\", \"version\": \"2.3.47\"}, {\"status\": \"affected\", \"version\": \"2.3.48\"}, {\"status\": \"affected\", \"version\": \"2.3.49\"}, {\"status\": \"affected\", \"version\": \"2.3.50\"}, {\"status\": \"affected\", \"version\": \"2.3.51\"}, {\"status\": \"affected\", \"version\": \"2.3.52\"}, {\"status\": \"affected\", \"version\": \"2.3.53\"}, {\"status\": \"affected\", \"version\": \"2.3.54\"}, {\"status\": \"affected\", \"version\": \"2.3.55\"}, {\"status\": \"affected\", \"version\": \"2.3.56\"}, {\"status\": \"affected\", \"version\": \"2.3.57\"}, {\"status\": \"affected\", \"version\": \"2.3.58\"}, {\"status\": \"affected\", \"version\": \"2.3.59\"}, {\"status\": \"affected\", \"version\": \"2.3.60\"}, {\"status\": \"affected\", \"version\": \"2.3.61\"}, {\"status\": \"affected\", \"version\": \"2.3.62\"}, {\"status\": \"affected\", \"version\": \"2.3.63\"}, {\"status\": \"affected\", \"version\": \"2.3.64\"}, {\"status\": \"affected\", \"version\": \"2.3.65\"}, {\"status\": \"affected\", \"version\": \"2.3.66\"}, {\"status\": \"affected\", \"version\": \"2.3.67\"}, {\"status\": \"affected\", \"version\": \"2.3.68\"}, {\"status\": \"affected\", \"version\": \"2.3.69\"}, {\"status\": \"affected\", \"version\": \"2.3.70\"}, {\"status\": \"affected\", \"version\": \"2.3.71\"}, {\"status\": \"affected\", \"version\": \"2.3.72\"}, {\"status\": \"affected\", \"version\": \"2.3.73\"}, {\"status\": \"affected\", \"version\": \"2.3.74\"}, {\"status\": \"affected\", \"version\": \"2.3.75\"}, {\"status\": \"affected\", \"version\": \"2.3.76\"}, {\"status\": \"affected\", \"version\": \"2.3.77\"}, {\"status\": \"affected\", \"version\": \"2.3.78\"}, {\"status\": \"affected\", \"version\": \"2.3.79\"}, {\"status\": \"affected\", \"version\": \"2.3.80\"}, {\"status\": \"affected\", \"version\": \"2.3.81\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-09-12T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-09-12T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-01-09T01:16:29.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.323779\", \"name\": \"VDB-323779 | eCharge Hardy Barth Salia PLCC api.php unrestricted upload\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.323779\", \"name\": \"VDB-323779 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.643535\", \"name\": \"Submit #643535 | echarge Salia PLCC 2.2.0 Unauthorized File-Write\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/YZS17/CVE/blob/main/Salia_PLCC/file-write-api.php.md\", \"tags\": [\"related\"]}, {\"url\": \"https://github.com/YZS17/CVE/blob/main/Salia_PLCC/file-write-api.php.md#poc\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"Unrestricted Upload\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper Access Controls\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-01-09T00:12:33.151Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-10371\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-09T00:12:33.151Z\", \"dateReserved\": \"2025-09-12T14:04:45.082Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-09-13T17:32:06.472Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…