{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13275", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-11-16T17:34:21.554Z", "datePublished": "2025-11-17T10:32:05.483Z", "dateUpdated": "2025-11-17T15:03:10.579Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-11-17T10:32:05.483Z"}, "title": "Iqbolshoh php-business-website about.php unrestricted upload", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "Unrestricted Upload"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "Iqbolshoh", "product": "php-business-website", "versions": [{"version": "10677743a8dfc281f85291a27cf63a0bce043c24", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."}, {"lang": "de", "value": "In Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24 wurde eine Schwachstelle gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/about.php. Die Ver\u00e4nderung resultiert in unrestricted upload. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-11-16T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-11-16T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-11-16T18:40:43.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "mahushuai (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.332610", "name": "VDB-332610 | Iqbolshoh php-business-website about.php unrestricted upload", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.332610", "name": "VDB-332610 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.690049", "name": "Submit #690049 | php-business-website web 1 Unrestricted Upload", "tags": ["third-party-advisory"]}, {"url": "https://github.com/mhszed/Report/blob/main/php-business-website%20upload.docx", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-17T14:59:19.223185Z", "id": "CVE-2025-13275", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-17T15:03:10.579Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13275", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-17T14:59:19.223185Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-17T14:59:53.308Z"}}], "cna": {"title": "Iqbolshoh php-business-website about.php unrestricted upload", "credits": [{"lang": "en", "type": "reporter", "value": "mahushuai (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Iqbolshoh", "product": "php-business-website", "versions": [{"status": "affected", "version": "10677743a8dfc281f85291a27cf63a0bce043c24"}]}], "timeline": [{"lang": "en", "time": "2025-11-16T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-11-16T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-11-16T18:40:43.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.332610", "name": "VDB-332610 | Iqbolshoh php-business-website about.php unrestricted upload", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.332610", "name": "VDB-332610 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.690049", "name": "Submit #690049 | php-business-website web 1 Unrestricted Upload", "tags": ["third-party-advisory"]}, {"url": "https://github.com/mhszed/Report/blob/main/php-business-website%20upload.docx", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."}, {"lang": "de", "value": "In Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24 wurde eine Schwachstelle gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/about.php. Die Ver\u00e4nderung resultiert in unrestricted upload. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "Unrestricted Upload"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-11-17T10:32:05.483Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13275", "state": "PUBLISHED", "dateUpdated": "2025-11-17T15:03:10.579Z", "dateReserved": "2025-11-16T17:34:21.554Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-11-17T10:32:05.483Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."}], "id": "CVE-2025-13275", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-11-17T11:15:42.767", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/mhszed/Report/blob/main/php-business-website%20upload.docx"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.332610"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.332610"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.690049"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"created": "2025-11-17T15:15:20.031389+00:00", "updated": "2025-11-17T15:15:20.031421+00:00", "vendors": ["iqbolshoh", "iqbolshoh$PRODUCT$php-business-website"]}