CVE-2025-5171
llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload
A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.download of the file com\llisoft\controller\OpenController.java. The manipulation of the argument url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Eine Schwachstelle wurde in llisoft MTA Maita Training System 4.5 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion this.fileService.download der Datei com\llisoft\controller\OpenController.java. Durch Manipulation des Arguments url mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
| 2025-05-25: | Advisory disclosed |
| 2025-05-25: | VulDB entry created |
| 2025-05-25: | VulDB entry last update |
caichaoxiong (VulDB User)
vuldb.com/?id.310259 (VDB-310259 | llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload)
vuldb.com/?ctiid.310259 (VDB-310259 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.579088 (Submit #579088 | MTA Maita Training System v4.5 Arbitrary File Upload Vulnerability)
wx.mail.qq.com/s?k=o3X5wV0ZZH0nuusQdO
Support options
