CVE-2025-4768 – Feng Ha Ha/MegaGao SSM-ERP and Production SSM Unrestricted File Upload Vulnerability

May 16, 2025

CVE ID : CVE-2025-4768

Published : May 16, 2025, 10:15 a.m. | 2 hours, 7 minutes ago

Description : A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40630 – IceWarp Mail Server Open Redirection Vulnerability

Next Article CVE-2025-4767 – Defog-ai Introspect Code Injection Vulnerability

Highlights

CVE-2025-48872 – Apache DoS

May 30, 2025

CVE ID : CVE-2025-48872

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47055. Reason: This candidate is a duplicate of CVE-2024-47055. Notes: All CVE users should reference CVE-2024-47055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2025-4768 – Feng Ha Ha/MegaGao SSM-ERP and Production SSM Unrestricted File Upload Vulnerability

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Zero Trust + AI: Privacy in the Age of Agentic AI

AI agents will threaten humans to achieve their goals, Anthropic report finds

Controlling Execution Flow with Laravel’s Sleep Helper

Training Llama 3.3 Swallow: A Japanese sovereign LLM on Amazon SageMaker HyperPod

More Mainframe Trailblazer Trivia

CVE-2025-48872 – Apache DoS

IT Rack Setup Services in Delhi – Professional IT Infrastructure Solutions

Rilasciato Kitty 0.42: Terminale Accelerato da GPU con Accesso Rapido in Stile Quake

CVE-2025-5385 – JeeWMS Path Traversal Vulnerability

CVE-2025-4768 – Feng Ha Ha/MegaGao SSM-ERP and Production SSM Unrestricted File Upload Vulnerability

Related Posts