VYPR
Moderate severityNVD Advisory· Published Mar 12, 2025· Updated Mar 19, 2025

CVE-2025-26260

CVE-2025-26260

Description

Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/plentico/plentiGo
< 0.7.170.7.17

Affected products

3

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.