VYPR
Medium severity6.3NVD Advisory· Published Mar 1, 2025· Updated Jun 17, 2026

CVE-2025-1791

CVE-2025-1791

Description

A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument save_data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected products

2
  • Zorlan/Skycaijillm-fuzzy2 versions
    = 2.9+ 1 more
    • (no CPE)range: = 2.9
    • (no CPE)range: 2.9

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.