CVE-2025-34046P1CRITICALCVSS 10.0Exploited≤ 9.42025-06-26
CVE-2025-34046 [CRITICAL] CWE-434 CVE-2025-34046: An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management in
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters (uploadType=eoffice_logo or uploadType=theme). An attacker can exploit this flaw by sending
nvd