Medium severity4.7NVD Advisory· Published Sep 29, 2025· Updated Apr 29, 2026
CVE-2025-11136
CVE-2025-11136
Description
A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.0.2
Patches
Vulnerability mechanics
References
4- github.com/electroN1chahaha/YifangCMS-V2.0.0-Remote-Code-Execution-RCE-/issues/1nvdExploitIssue Tracking
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.