Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

299Ko CMS Unrestricted File Upload Vulnerability in File Management Component

Vulnerability

A critical unrestricted file upload vulnerability has been identified in 299Ko CMS version 2.0.0. The issue resides in the file management component, specifically within the file '/admin/filemanager/view'. It can be exploited remotely and has been publicly disclosed along with a proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows unrestricted file uploads, which could lead to malicious files being uploaded and executed on the server, resulting in remote code execution.

Reproduction

The vulnerability can be reproduced by accessing the file management section in the admin panel. Once there, upload through the file manager a file of a type that is typically restricted, such as a PHP file. The uploaded file can then be executed, leading to remote code execution.
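
A triage check for the condition described above, as an added example that is not part of the original advisory or of 299Ko's code: it walks an upload directory and flags files the PHP handler could execute, including double extensions and PHP code inside files with image extensions. The directory path, the extension list and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumption: extensions your server maps to the PHP handler; adjust to its config.
PHP_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".pht", ".phar"}
CONFIG_NAMES = {".htaccess", ".user.ini"}  # per-directory server/PHP config files


def classify(path, head_bytes=65536):
    """Return the reasons a file is suspicious inside an upload directory."""
    name = path.name.lower()
    reasons = ["server-config-file"] if name in CONFIG_NAMES else []
    # Look at every dot-separated suffix so 'photo.php.jpg' is caught too.
    suffixes = ["." + part for part in name.split(".")[1:]]
    if suffixes and suffixes[-1] in PHP_EXTS:
        reasons.append("php-extension")
    elif any(s in PHP_EXTS for s in suffixes[:-1]):
        reasons.append("php-double-extension")
    with path.open("rb") as fh:
        # Only the first head_bytes are searched, case-insensitively.
        if b"<?php" in fh.read(head_bytes).lower():
            reasons.append("php-open-tag")
    return reasons


def audit(upload_dir):
    """Walk upload_dir and map each flagged relative path to its reasons."""
    root = Path(upload_dir)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reasons = classify(path)
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def demo():
    """Audit a throwaway directory of constructed sample files."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "report.php": b"<?php echo 'constructed sample'; ?>",
        "photo.php.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "avatar.gif": b"GIF89a <?php echo 'constructed sample'; ?>",
        ".htaccess": b"# constructed sample",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            (Path(d) / name).write_bytes(data)
        return audit(d)
```

Point `audit()` at the directory where the file manager stores uploads on your installation. A hit is a lead for investigation, and a clean result does not rule out files written elsewhere.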

Added: Jul 28, 2025, 9:34 AM
Updated: Jul 28, 2025, 9:34 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.9
remediation: 0.0
relevance: 0.3
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.