Home

Description

File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.

PUBLISHED Reserved 2025-06-16 | Published 2025-08-25 | Updated 2025-08-26 | Assigner mitre

References

github.com/SMEWebify/WebErpMesv2

medium.com/...-name-leads-to-rce-cve-2025-52130-8ff59a7d245c

cve.org (CVE-2025-52130)

nvd.nist.gov (CVE-2025-52130)

Download JSON