CVE-2025-7939 | THREATINT

Description

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely.

Es wurde eine kritische Schwachstelle in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 ausgemacht. Hiervon betroffen ist die Funktion addGoods der Datei GoodsController.java. Dank Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden.

Reserved 2025-07-21 | Published 2025-07-21 | Updated 2025-07-21 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

Problem types

Unrestricted Upload

Improper Access Controls

Product status

1.0

affected

Timeline

2025-07-21:	Advisory disclosed
2025-07-21:	VulDB entry created
2025-07-21:	VulDB entry last update

Credits

HJAQiang (VulDB User) reporter

References

vuldb.com/?id.317076 (VDB-317076 | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload) vdb-entry technical-description

vuldb.com/?ctiid.317076 (VDB-317076 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.618986 (Submit #618986 | Gitee 蛋糕商城JPA版 1.0 Unrestricted Upload) third-party-advisory

github.com/...��商城JPA版-Arbitrary File Upload/readme.md related

cve.org (CVE-2025-7939)

nvd.nist.gov (CVE-2025-7939)

Download JSON