Medium severity5.4NVD Advisory· Published Aug 25, 2025· Updated Apr 15, 2026
CVE-2025-52130
CVE-2025-52130
Description
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =1.17
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.