216.73.217.139

CVE-2025-15152

· Published 28/12/2025 20:15 · Modified 29/12/2025 15:57

Labels: CVE-2025-15152 2025-12-28CVE-2025-15152CWE-284[email protected]

Essential information

Published
28/12/2025 20:15
Modified
29/12/2025 15:57
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upload. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
h-moses / moga-mall cpe:2.3:a:h-moses:moga-mall:*:*:*:*:*:*:*:*

References