cbcvebase.
CVE-2014-125126
published 2025-07-31


Priority P272 · critical · 9.2 (CVSS 4.0)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.52% (71.4th percentile)
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.

Affected

1 ranges
Vendor | Product | Version range | Fixed in
simple_e-document | simple_e-document | 3.0 – 3.1 |

Detection & IOCs (extracted from sources)

cookie: access=3
  • Detect HTTP requests containing the cookie header 'access=3' targeting Simple E-Document upload endpoints, which indicates an authentication bypass attempt.
  • Monitor for unauthenticated file upload requests resulting in .php files being written to the web server, indicative of web shell deployment following exploitation.
  • Alert on POST requests to Simple E-Document upload functionality from unauthenticated sessions (no valid credentials) carrying the bypass cookie, especially when the uploaded content is a PHP file.
  • File uploads are disabled by default in Simple E-Document; exploitation requires that the upload feature has been explicitly enabled on the target server.
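
An added example, not part of the original advisory or of Simple E-Document: a log-triage script for the indicators listed above, matching the cookie by exact name and value so that look-alikes such as `access=30` are not flagged. The JSON log format, the sample records and the `UPLOAD_PATH` placeholder are assumptions; the page does not name the upload endpoint.

```python
import json

# Assumption: the advisory names no upload endpoint; substitute your
# deployment's upload handler path for this placeholder.
UPLOAD_PATH = "/UPLOAD-ENDPOINT-PLACEHOLDER"

# Constructed records, not real traffic. Assumed format: one JSON object per
# line with the request method, path, raw Cookie header and upload filename.
SAMPLE_LOG = "\n".join([
    '{"ip":"192.0.2.10","method":"POST","path":"/UPLOAD-ENDPOINT-PLACEHOLDER","cookie":"access=3","filename":"notes.PHP"}',
    '{"ip":"192.0.2.11","method":"POST","path":"/UPLOAD-ENDPOINT-PLACEHOLDER","cookie":"sid=abc; access=3","filename":"scan.pdf"}',
    '{"ip":"192.0.2.12","method":"GET","path":"/UPLOAD-ENDPOINT-PLACEHOLDER","cookie":"access=3","filename":null}',
    '{"ip":"192.0.2.13","method":"POST","path":"/UPLOAD-ENDPOINT-PLACEHOLDER","cookie":"access=30; xaccess=3","filename":"a.php"}',
    '{"ip":"192.0.2.14","method":"POST","path":"/other-page","cookie":"access=3","filename":null}',
    'truncated line {"ip":',
])

def has_bypass_cookie(header):
    """True only for a cookie named exactly 'access' with value exactly '3'."""
    for pair in (header or "").split(";"):
        name, _, value = pair.strip().partition("=")
        if name.strip() == "access" and value.strip().strip('"') == "3":
            return True
    return False

def classify(rec):
    """Return None, 'suspicious', 'alert' or 'critical' for one request."""
    path = (rec.get("path") or "").split("?", 1)[0]
    if not has_bypass_cookie(rec.get("cookie")) or not path.startswith(UPLOAD_PATH):
        return None
    if (rec.get("method") or "").upper() != "POST":
        return "suspicious"  # bypass cookie sent to the upload endpoint
    name = (rec.get("filename") or "").strip().lower()
    return "critical" if name.endswith(".php") else "alert"

def scan(log_text):
    """Return (ip, severity) for every record that matches the indicators."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the scan
        if isinstance(rec, dict) and (severity := classify(rec)):
            hits.append((rec.get("ip"), severity))
    return hits

if __name__ == "__main__":
    for ip, severity in scan(SAMPLE_LOG):
        print(severity, ip)
```

The script cannot tell whether a session is otherwise authenticated; correlate hits with your application's own session records before escalating.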