Vulnerability Description
A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Max-3000 | Maxsite Cms | <= 109 |
Related Weaknesses (CWE)
References
- https://note-hxlab.wetolink.com/share/lIWZkTHQPSVhExploitThird Party Advisory
- https://vuldb.com/?ctiid.330137Permissions RequiredVDB Entry
- https://vuldb.com/?id.330137Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.674552Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-12347?
CVE-2025-12347 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the ...
How severe is CVE-2025-12347?
CVE-2025-12347 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-12347?
Check the references section above for vendor advisories and patch information. Affected products include: Max-3000 Maxsite Cms.