Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Echo 开源社区系统 by veal98 小牛肉

    CVE-2025-3567 (GCVE-0-2025-3567)

    Vulnerability from nvd – Published: 2025-04-14 13:00 – Updated: 2025-04-14 13:30
    VLAI
    Title
    veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization
    Summary
    A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.304608 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.304608 signaturepermissions-required
    https://vuldb.com/?submit.549537 third-party-advisory
    https://github.com/caigo8/CVE-md/blob/main/Echo/%… exploit
    Impacted products
    Credits
    Caigo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3567",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:30:18.970535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T13:30:31.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Ticket Handler"
              ],
              "product": "Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf",
              "vendor": "veal98 \u5c0f\u725b\u8089",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Caigo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as problematic, was found in veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf 4.2 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion preHandle der Datei src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java der Komponente Ticket Handler. Durch das Manipulieren mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T13:00:06.776Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-304608 | veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf Ticket LoginTicketInterceptor.java preHandle improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.304608"
            },
            {
              "name": "VDB-304608 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.304608"
            },
            {
              "name": "Submit #549537 | https://gitee.com/veal98/Echo Echo 4.2 Improper Authorization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.549537"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/caigo8/CVE-md/blob/main/Echo/%E4%B8%8D%E5%AE%89%E5%85%A8%E7%9A%84%E6%9D%83%E9%99%90%E6%A0%A1%E9%AA%8C.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-14T01:01:08.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf Ticket LoginTicketInterceptor.java preHandle improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3567",
        "datePublished": "2025-04-14T13:00:06.776Z",
        "dateReserved": "2025-04-13T22:56:00.701Z",
        "dateUpdated": "2025-04-14T13:30:31.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3566 (GCVE-0-2025-3566)

    Vulnerability from nvd – Published: 2025-04-14 12:31 – Updated: 2025-08-26 19:26
    VLAI
    Title
    veal98 小牛肉 Echo 开源社区系统 uploadMdPic unrestricted upload
    Summary
    A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.304607 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.304607 signaturepermissions-required
    https://vuldb.com/?submit.549509 third-party-advisory
    https://github.com/caigo8/CVE-md/blob/main/Echo/%… exploit
    Impacted products
    Credits
    Caigo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:27:11.847652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T19:26:12.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf",
              "vendor": "veal98 \u5c0f\u725b\u8089",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Caigo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf 4.2 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion uploadMdPic der Datei /discuss/uploadMdPic. Mittels Manipulieren des Arguments editormd-image-file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T12:31:04.765Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-304607 | veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf uploadMdPic unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.304607"
            },
            {
              "name": "VDB-304607 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.304607"
            },
            {
              "name": "Submit #549509 | https://gitee.com/veal98/Echo Echo 4.2 Unrestricted Upload of File with Dangerous Type",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.549509"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/caigo8/CVE-md/blob/main/Echo/%E6%9C%AA%E6%8E%88%E6%9D%83%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-14T01:01:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf uploadMdPic unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3566",
        "datePublished": "2025-04-14T12:31:04.765Z",
        "dateReserved": "2025-04-13T22:55:55.245Z",
        "dateUpdated": "2025-08-26T19:26:12.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3567 (GCVE-0-2025-3567)

    Vulnerability from cvelistv5 – Published: 2025-04-14 13:00 – Updated: 2025-04-14 13:30
    VLAI
    Title
    veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization
    Summary
    A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.304608 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.304608 signaturepermissions-required
    https://vuldb.com/?submit.549537 third-party-advisory
    https://github.com/caigo8/CVE-md/blob/main/Echo/%… exploit
    Impacted products
    Credits
    Caigo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3567",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:30:18.970535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T13:30:31.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Ticket Handler"
              ],
              "product": "Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf",
              "vendor": "veal98 \u5c0f\u725b\u8089",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Caigo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as problematic, was found in veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf 4.2 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion preHandle der Datei src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java der Komponente Ticket Handler. Durch das Manipulieren mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T13:00:06.776Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-304608 | veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf Ticket LoginTicketInterceptor.java preHandle improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.304608"
            },
            {
              "name": "VDB-304608 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.304608"
            },
            {
              "name": "Submit #549537 | https://gitee.com/veal98/Echo Echo 4.2 Improper Authorization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.549537"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/caigo8/CVE-md/blob/main/Echo/%E4%B8%8D%E5%AE%89%E5%85%A8%E7%9A%84%E6%9D%83%E9%99%90%E6%A0%A1%E9%AA%8C.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-14T01:01:08.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf Ticket LoginTicketInterceptor.java preHandle improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3567",
        "datePublished": "2025-04-14T13:00:06.776Z",
        "dateReserved": "2025-04-13T22:56:00.701Z",
        "dateUpdated": "2025-04-14T13:30:31.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3566 (GCVE-0-2025-3566)

    Vulnerability from cvelistv5 – Published: 2025-04-14 12:31 – Updated: 2025-08-26 19:26
    VLAI
    Title
    veal98 小牛肉 Echo 开源社区系统 uploadMdPic unrestricted upload
    Summary
    A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.304607 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.304607 signaturepermissions-required
    https://vuldb.com/?submit.549509 third-party-advisory
    https://github.com/caigo8/CVE-md/blob/main/Echo/%… exploit
    Impacted products
    Credits
    Caigo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:27:11.847652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T19:26:12.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf",
              "vendor": "veal98 \u5c0f\u725b\u8089",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Caigo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf 4.2 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion uploadMdPic der Datei /discuss/uploadMdPic. Mittels Manipulieren des Arguments editormd-image-file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T12:31:04.765Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-304607 | veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf uploadMdPic unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.304607"
            },
            {
              "name": "VDB-304607 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.304607"
            },
            {
              "name": "Submit #549509 | https://gitee.com/veal98/Echo Echo 4.2 Unrestricted Upload of File with Dangerous Type",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.549509"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/caigo8/CVE-md/blob/main/Echo/%E6%9C%AA%E6%8E%88%E6%9D%83%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-14T01:01:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf uploadMdPic unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3566",
        "datePublished": "2025-04-14T12:31:04.765Z",
        "dateReserved": "2025-04-13T22:55:55.245Z",
        "dateUpdated": "2025-08-26T19:26:12.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }