CVE-2025-1113

Published: Feb 7, 2025Modified: Aug 21, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Taisan: Tarzan Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Taisan Tarzan Cms	Version 1.0.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://gitee.com/taisan/tarzan-cms/issues/IBHZ0J

Source: cna@vuldb.com

ExploitIssue Tracking

https://vuldb.com/?ctiid.295019

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.295019

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://gitee.com/taisan/tarzan-cms/issues/IBHZ0J

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitIssue Tracking

Timeline

No history available yet.