CVE-2025-7939

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/Bemcliu/cve-reports/blob/main/cve-03-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Arbitrary%20File%20Upload/readme.md", "name": "https://github.com/Bemcliu/cve-reports/blob/main/cve-03-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Arbitrary%20File%20Upload/readme.md", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.317076", "name": "VDB-317076 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?id.317076", "name": "VDB-317076 | jerryshensjf JPACookieShop ????JPA? GoodsController.java addGoods unrestricted upload", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.618986", "name": "Submit #618986 | Gitee ????JPA? 1.0 Unrestricted Upload", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in jerryshensjf JPACookieShop ????JPA? 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-7939", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}}, "publishedDate": "2025-07-21T21:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-21T21:15Z"}