Baowzh Hfly Unrestricted File Upload Vulnerability in upload_json.php

Vulnerability

An unrestricted file upload vulnerability has been identified in Baowzh Hfly versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c. The flaw is in the file '/Public/Kindeditor/php/upload_json.php' (the affected function is not identified), where manipulation of the 'imgFile' argument enables unauthorized file uploads. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to the execution of malicious files on the server.
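A server-side check of the kind that prevents an uploaded file from being stored as something the server will execute, shown as an added example: it is not code from Hfly or KindEditor and does not reproduce the affected handler. The function name, allow-list, size cap, upload directory and JSON response shape are assumptions.

```php
<?php
// Added example: hardened handling of the 'imgFile' upload field.
// Assumed values (not from the advisory): allow-list, size cap, upload path.

const ALLOWED_IMAGES = [            // extension we write => MIME type we require
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];
const MAX_BYTES = 2 * 1024 * 1024;  // assumed 2 MiB cap

function store_image_upload(array $file, string $uploadDir): string
{
    // Reject failed uploads and anything that did not arrive via HTTP POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Decide the type from the file's content, never from the client-supplied
    // filename or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = array_search($mime, ALLOWED_IMAGES, true);
    if ($ext === false || @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }

    // Server-generated name plus server-chosen extension: the client-supplied
    // filename and extension are discarded entirely.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage inside an upload endpoint (path and response format are assumed).
try {
    $stored = store_image_upload($_FILES['imgFile'] ?? [], '/var/www/uploads');
    echo json_encode(['error' => 0, 'url' => '/uploads/' . $stored]);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo json_encode(['error' => 1, 'message' => $e->getMessage()]);
}
```

Disabling script execution for the upload directory in the web server configuration is a separate control that this block does not set up.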

Reproduction

The vulnerability can be reproduced by sending a request to '/Public/Kindeditor/php/upload_json.php' with a manipulated 'imgFile' argument that bypasses file upload restrictions. This can be done remotely.

Added: Dec 11, 2025, 4:29 PM
Updated: Dec 11, 2025, 4:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.3
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.