CVE-2025-5243
10.0 CRITICALUnrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection...
Published: 2025-07-24 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 10.0 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-434, CWE-78
Description
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-46716 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (9.9 CRITICAL)
- CVE-2026-42853 — ApostropheCMS is an open-source Node.js content management system (6.5 MEDIUM)
- CVE-2026-53724 — Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js
- CVE-2026-48165 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)
- CVE-2026-48163 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)