CVE-2025-29708 — External Control of File Name or Path in Company Website CMS

CWE-73 — External Control of File Name or Path3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 27.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Torrahclef Company Website CMS
Timeline
PublishedApr 16

Description

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jj4c-9qx7-h4pc: SourceCodester Company Website CMS 1↗2025-04-16
â–¶
CVEList
CVE-2025-29708: SourceCodester Company Website CMS 1↗2025-04-16
â–¶
CVE-2025-29708 — External Control of File Name or Path | cvebase