CVE-2014-125126
Published: 2025-07-31
Priority: P2 72 · Severity: critical · CVSS 4.0 base score: 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.52% (71.4th percentile)
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simple_e-document | simple_e-document | 3.0 – 3.1 | — |
Detection & IOCs (extracted from sources)
- Detect HTTP requests containing the cookie header 'access=3' targeting Simple E-Document upload endpoints, which indicates an authentication bypass attempt.
- Monitor for unauthenticated file upload requests resulting in .php files being written to the web server, indicative of web shell deployment following exploitation.
- Alert on POST requests to Simple E-Document upload functionality from unauthenticated sessions (no valid credentials) carrying the bypass cookie, especially when the uploaded content is a PHP file.
- File uploads are disabled by default in Simple E-Document; exploitation requires that the upload feature has been explicitly enabled on the target server.
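The detection points above can be turned into a small request classifier. The following is an added example written for this page, not code from Simple E-Document or from any indexed detection rule: it parses raw HTTP requests, flags the `access=3` bypass cookie, flags multipart uploads whose filename has a PHP extension, and notes whether the path looks like an upload endpoint. The upload-path hint (`upload` in the path), the extra PHP extensions (`.phtml`, `.php5`) and the sample requests are assumptions constructed for illustration; adjust the path hint to the real application paths.

```python
"""Request classifier for the CVE-2014-125126 IOCs (added example).

Flags the bypass cookie (access=3) and PHP files in multipart uploads.
Path hints, extra extensions and sample requests are assumptions.
"""
import re
from dataclasses import dataclass, field

# Assumption: upload endpoints contain "upload" in the path.
UPLOAD_PATH_HINT = re.compile(r"upload", re.IGNORECASE)
# The advisory names .php; .phtml and .php5 are added as common PHP handler
# extensions (assumption).
PHP_FILENAME = re.compile(r"\.(php\d?|phtml)$", re.IGNORECASE)
FILENAME_PARAM = re.compile(r'filename="([^"]*)"', re.IGNORECASE)


@dataclass
class Finding:
    method: str
    path: str
    reasons: list = field(default_factory=list)


def parse_cookies(header_value):
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name.strip()] = value.strip()
    return cookies


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def analyze_request(raw):
    """Return a Finding when the request matches an IOC, else None."""
    method, path, headers, body = parse_request(raw)
    cookies = parse_cookies(headers.get("cookie", ""))
    reasons = []
    if cookies.get("access") == "3":
        reasons.append("bypass cookie access=3")
    php_names = [n for n in FILENAME_PARAM.findall(body) if PHP_FILENAME.search(n)]
    if method.upper() == "POST" and php_names:
        reasons.append("PHP file in multipart upload: " + ", ".join(php_names))
    if reasons and UPLOAD_PATH_HINT.search(path):
        reasons.append("targets upload endpoint")
    return Finding(method, path, reasons) if reasons else None


def scan(requests):
    """Classify a batch of raw requests; returns only the matching ones."""
    return [f for f in (analyze_request(r) for r in requests) if f is not None]


# Constructed sample traffic (not captured from a real system).
SAMPLE_REQUESTS = [
    # 1: bypass cookie plus PHP upload against an upload endpoint
    "POST /simple_e-document/upload.php HTTP/1.1\r\n"
    "Host: docs.example.test\r\n"
    "Cookie: access=3\r\n"
    "Content-Type: multipart/form-data; boundary=XX\r\n\r\n"
    "--XX\r\nContent-Disposition: form-data; name=\"file\"; filename=\"shell.php\"\r\n"
    "\r\n[payload omitted]\r\n--XX--\r\n",
    # 2: ordinary authenticated PDF upload, should not match
    "POST /simple_e-document/upload.php HTTP/1.1\r\n"
    "Host: docs.example.test\r\n"
    "Cookie: PHPSESSID=0123abcd\r\n"
    "Content-Type: multipart/form-data; boundary=YY\r\n\r\n"
    "--YY\r\nContent-Disposition: form-data; name=\"file\"; filename=\"report.pdf\"\r\n"
    "\r\n[payload omitted]\r\n--YY--\r\n",
    # 3: bypass cookie on a non-upload page, weaker signal but still flagged
    "GET /simple_e-document/index.php HTTP/1.1\r\n"
    "Host: docs.example.test\r\n"
    "Cookie: access=3; PHPSESSID=0123abcd\r\n\r\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding.method, finding.path, "->", "; ".join(finding.reasons))
```

The classifier is meant to run over reconstructed requests (for example from a reverse proxy that logs the Cookie header), since the standard combined access-log format does not record cookies. Request 1 yields all three reasons, request 2 yields nothing, and request 3 yields only the cookie reason, which matches the ordering of the IOCs above: the cookie alone is a bypass attempt, the cookie together with a PHP upload is the web-shell pattern.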
No detection rules found.
No writeups or analysis indexed.