Baowzh Hfly vulnerabilities
4 known vulnerabilities affecting baowzh/hfly.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-14522P2CRITICALCVSS 9.8≤ 2016-05-11v638ff9abe9078bc977c132b37acbe1900b63491c2025-12-11
CVE-2025-14522 [CRITICAL] CWE-284 CVE-2025-14522: A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impa
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may
nvd
CVE-2025-14520P3CRITICALCVSS 9.1≤ 2016-05-11v638ff9abe9078bc977c132b37acbe1900b63491c2025-12-11
CVE-2025-14520 [CRITICAL] CWE-22 CVE-2025-14520: A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impact
A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The exploit has been made available to the public and could
nvd
CVE-2025-14521P3HIGHCVSS 7.5≤ 2016-05-11v638ff9abe9078bc977c132b37acbe1900b63491c2025-12-11
CVE-2025-14521 [HIGH] CWE-22 CVE-2025-14521: A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63
A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed from remote. The exploit has been disclosed publicly and may
nvd
CVE-2025-14519P4MEDIUMCVSS 5.4≤ 2016-05-11v638ff9abe9078bc977c132b37acbe1900b63491c2025-12-11
CVE-2025-14519 [MEDIUM] CWE-79 CVE-2025-14519: A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. T
A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and m
nvd