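A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Manipulating the argument File can lead to code injection (CWE-94). The attack can be executed remotely; the CVSS vectors in this record (PR:L in v3.x, Au:S in v2.0) indicate that an authenticated, low-privileged account is required. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet, and this record lists no fixed version. The linked VulDB submission is titled "Unrestricted Upload", which suggests the root cause is missing validation of uploaded file types; until a fix is released, the usual compensating controls are limiting who can reach the upload function and preventing execution of files in the upload directory.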
ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection
Problem type
Affected products
ChenJinchuang
0.3.0 - AFFECTED
0.3.1 - AFFECTED
0.3.2 - AFFECTED
0.3.3 - AFFECTED
References
https://vuldb.com/?id.338507
https://vuldb.com/?ctiid.338507
https://vuldb.com/?submit.712754
https://github.com/ChenJinchuang/lin-cms-tp5/issues/65
GitHub Security Advisories
GHSA-q2w3-p85r-q6v3
A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the...
https://github.com/advisories/GHSA-q2w3-p85r-q6v3
A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
https://nvd.nist.gov/vuln/detail/CVE-2025-15129
https://github.com/ChenJinchuang/lin-cms-tp5/issues/65
https://vuldb.com/?ctiid.338507
https://vuldb.com/?id.338507
https://vuldb.com/?submit.712754
https://github.com/advisories/GHSA-q2w3-p85r-q6v3
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-15129
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-15129",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2025-12-28T09:02:10.127Z",
"dateReserved": "2025-12-27T09:13:02.920Z",
"datePublished": "2025-12-28T09:02:10.127Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-12-28T09:02:10.127Z"
},
"title": "ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection",
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"affected": [
{
"vendor": "ChenJinchuang",
"product": "Lin-CMS-TP5",
"modules": [
"File Upload Handler"
],
"versions": [
{
"version": "0.3.0",
"status": "affected"
},
{
"version": "0.3.1",
"status": "affected"
},
{
"version": "0.3.2",
"status": "affected"
},
{
"version": "0.3.3",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Code Injection",
"cweId": "CWE-94",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Injection",
"cweId": "CWE-74",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.338507",
"name": "VDB-338507 | ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.338507",
"name": "VDB-338507 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.712754",
"name": "Submit #712754 | lin-cms-tp5 1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/ChenJinchuang/lin-cms-tp5/issues/65",
"tags": [
"exploit",
"issue-tracking"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 6.5
}
}
],
"timeline": [
{
"time": "2025-12-27T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-12-27T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-12-27T10:18:46.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "formanagain (VulDB User)",
"type": "reporter"
}
]
}
}
}