Melis Technology Melis Platform vulnerabilities
3 known vulnerabilities affecting melis_technology/melis_platform.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL3
Vulnerabilities
Page 1 of 1
CVE-2025-10353P1CRITICALCVSS 9.3ExploitedPoCfixed in 5.3.12025-10-08
CVE-2025-10353 [CRITICAL] CWE-43 CVE-2025-10353: File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technol
File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.
nvd
CVE-2025-10352P2CRITICALCVSS 9.3fixed in 5.3.112025-10-08
CVE-2025-10352 [CRITICAL] CWE-862 CVE-2025-10352: Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, al
Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.
nvd
CVE-2025-10351P3CRITICALCVSS 9.3fixed in 5.3.42025-10-08
CVE-2025-10351 [CRITICAL] CWE-89 CVE-2025-10351: SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technolog
SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint.
nvd