CVE-2025-34100
published 2025-07-10


Priority: P2 · 73
Severity: Critical, CVSS 4.0 base score 9.3
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined: E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
Exploit probability (EPSS): 2.31% (percentile 81.3)
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or upload locations, allowing an attacker to upload a malicious .php file and subsequently execute arbitrary PHP code on the server with the privileges of the web server process. While the root vulnerability lies within the jQuery File Upload component, BuilderEngine's improper integration and lack of access controls expose this functionality to unauthenticated users, resulting in full remote code execution.
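The failure the description names (client-chosen filename, no type or location check, file written where PHP will execute it) beside the checks a hardened upload handler makes, as an added example that is not BuilderEngine, elFinder or jQuery File Upload code. Python is used for the demonstration rather than the PHP of the affected stack; the allowed types, the content signatures and the executable-token list are assumptions chosen for the example.

```python
import os
import secrets
import unicodedata

# Assumed allow-list for the demo: extension -> leading byte signatures the
# content must carry. Real deployments pick their own set.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Tokens a PHP handler mapping may treat as executable anywhere in the name,
# which is what makes the double-extension trick (shell.php.jpg) work under
# mod_php's AddHandler matching. Assumed list; extend for the target stack.
EXECUTABLE_TOKENS = {"php", "php3", "php4", "php5", "php7", "php8",
                     "phtml", "phar", "phps", "htaccess", "cgi", "pl"}


class UploadRejected(ValueError):
    pass


def vulnerable_save(upload_dir, filename, data):
    """The pattern the advisory describes: the client-supplied name is used
    as-is and the bytes land in a web-served directory, so a file called
    shell.php becomes executable. Kept only as the 'before' picture."""
    path = os.path.join(upload_dir, filename)   # no name, type or location check
    with open(path, "wb") as f:
        f.write(data)
    return path


def validate_upload(filename, data):
    """Return the accepted extension or raise UploadRejected.

    Order of checks: null byte, reduce to a basename (kills ../ traversal),
    reject dot-files such as .htaccess, extension allow-list, no executable
    token anywhere in the name, and the content must match the extension."""
    if "\x00" in filename:
        raise UploadRejected("null byte in filename")
    name = unicodedata.normalize("NFKC", filename).replace("\\", "/")
    name = os.path.basename(name)
    if not name or name.startswith("."):
        raise UploadRejected("empty or dot-prefixed filename")
    parts = name.lower().split(".")
    if len(parts) < 2:
        raise UploadRejected("no extension")
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} not allowed")
    if any(tok in EXECUTABLE_TOKENS for tok in parts[:-1]):
        raise UploadRejected("executable token inside filename")
    if not any(data.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        raise UploadRejected(f"content does not look like .{ext}")
    return ext


def is_accepted(filename, data):
    """Boolean wrapper around validate_upload for callers that only branch."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


def safe_save(storage_dir, filename, data):
    """Validate, then store under a server-chosen random name so the client
    never controls the path. storage_dir should be outside the document root
    or served with PHP execution disabled."""
    ext = validate_upload(filename, data)
    stored = f"{secrets.token_hex(16)}.{ext}"
    with open(os.path.join(storage_dir, stored), "wb") as f:
        f.write(data)
    return stored


if __name__ == "__main__":
    # Constructed inputs: one benign JPEG header, one PHP webshell disguised
    # with a double extension.
    print(validate_upload("photo.JPG", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
    print(is_accepted("shell.php.jpg", b"<?php system($_GET['c']); ?>"))
```

Two things the validator deliberately does not rely on: the client's declared Content-Type, and the original filename for storage. Pair it with a storage directory the web server will not hand to the PHP interpreter (for Apache mod_php, `php_admin_flag engine off` in that directory's configuration; for nginx, no `fastcgi_pass` location that matches it), so that even a check that is later bypassed does not yield code execution.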

Affected (1 range)

Vendor          Product   Version range         Fixed in
builderengine   cms       BuilderEngine 3.5.0   (not listed)

Detection & IOCs (extracted from sources)

  • Monitor for unauthenticated HTTP POST requests to elFinder 2.0 / jQuery File Upload endpoints that result in .php files being written to the web root or upload directories.
  • Detect execution of PHP files from upload directories following a file upload event, which may indicate post-upload webshell execution via this vulnerability.
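The two detection bullets above as log-correlation logic run over constructed access-log lines, added here as an example rather than a rule taken from the page's sources. It assumes NCSA combined-format logs, the elFinder PHP connector (`connector.php` / `connector.minimal.php`) and the blueimp jQuery File Upload PHP server example as the upload endpoints, and `/uploads`, `/files` or `/media` as the directories the file manager writes into; adjust those patterns to the deployment. It generalizes the second bullet slightly by catching any extension a PHP handler is likely to execute, not only `.php`.

```python
import re
from datetime import datetime, timedelta

# Constructed NCSA combined-format access-log lines (made up for this example;
# the addresses are RFC 5737 documentation ranges, not a real incident).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2025:10:01:02 +0000] "POST /elfinder/php/connector.php?cmd=upload HTTP/1.1" 200 312 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jul/2025:10:01:05 +0000] "GET /uploads/shell.php?c=id HTTP/1.1" 200 58 "-" "curl/8.4.0"
198.51.100.4 - - [10/Jul/2025:10:02:10 +0000] "POST /elfinder/php/connector.php?cmd=upload HTTP/1.1" 200 301 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jul/2025:10:02:12 +0000] "GET /uploads/report.pdf HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jul/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed upload endpoints: elFinder's PHP connector and the blueimp jQuery
# File Upload PHP server example.
UPLOAD_ENDPOINT_RE = re.compile(
    r'/connector(?:\.minimal)?\.php$|/server/php/(?:index|UploadHandler)\.php$', re.I)
# Assumed directories the file manager may write into.
UPLOAD_DIR_RE = re.compile(r'^/(?:uploads?|files|media)/', re.I)
# Extensions Apache/PHP-FPM handler mappings commonly pass to the interpreter.
PHP_EXT_RE = re.compile(r'\.(?:php\d?|phtml|phar|phps)$', re.I)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["target"].split("?", 1)[0]   # drop the query string
    return rec


def is_upload_request(rec):
    return rec["method"] == "POST" and UPLOAD_ENDPOINT_RE.search(rec["path"]) is not None


def is_php_in_upload_dir(rec):
    return (UPLOAD_DIR_RE.match(rec["path"]) is not None
            and PHP_EXT_RE.search(rec["path"]) is not None)


def detect(log_text, window=timedelta(minutes=10)):
    """One alert per successful request for a PHP-handled file inside an upload
    directory that follows a successful upload POST from the same source
    address within `window` (bullet 1 feeds bullet 2)."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    uploads = [r for r in records if is_upload_request(r) and 200 <= r["status"] < 300]
    alerts = []
    for r in records:
        if not is_php_in_upload_dir(r) or not (200 <= r["status"] < 300):
            continue
        prior = [u for u in uploads
                 if u["src"] == r["src"] and timedelta(0) <= r["ts"] - u["ts"] <= window]
        if prior:
            alerts.append({
                "src": r["src"],
                "upload_at": prior[-1]["ts"].isoformat(),
                "exec_at": r["ts"].isoformat(),
                "upload_endpoint": prior[-1]["target"],
                "executed": r["path"],
                # Remote-user field of the upload request: "-" means the web
                # server saw no HTTP Basic credentials. Application cookies are
                # invisible here, so this is a hint, not proof of no auth.
                "basic_auth_user": prior[-1]["user"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The same-source-address join keeps false positives down on busy sites but will miss an attacker who uploads from one address and triggers the shell from another; widen the join to any prior upload in the window when hunting rather than alerting. A request for a PHP file under an upload directory that returns 200 is worth a ticket on its own if the file manager is not supposed to accept PHP at all.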