CVE-2025-34121 – Idera Up.Time PHP File Upload RCE

July 16, 2025

CVE ID : CVE-2025-34121

Published : July 16, 2025, 9:15 p.m. | 5 hours, 47 minutes ago

Description : An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34123 – VideoCharge Studio Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-34119 – EasyCafe Server Remote File Disclosure

Highlights

CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

April 23, 2025

CVE ID : CVE-2025-3530

Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter ‘product_tmp_two’ for computing a security hash against price tampering while using ‘wspsc_product’ to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-34121 – Idera Up.Time PHP File Upload RCE

Chinese Hackers Target Taiwan’s Semiconductor Sector with Cobalt Strike, Custom Backdoors

Devman Claims Cyberattack on Thailand Ministry of Labour, Demands $15M Ransom

CVE-2025-45143 – Apache String-Math Regex Denial of Service

CVE-2025-2146 – Canon Printers Buffer Overflow Vulnerability

CLIP-UP: A Simple and Efficient Mixture-of-Experts CLIP Training Recipe with Sparse Upcycling

CVE-2025-4327 – MRCMS Cross-Site Request Forgery Vulnerability

CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

CVE-2025-4646 – Centreon Web Privilege Escalation Vulnerability

Next-Generation Mobility Solutions with Agentic AI and MongoDB Atlas

Apple Backports Zero-Day Patches to Older Devices in Latest Security Update

CVE-2025-34121 – Idera Up.Time PHP File Upload RCE

Related Posts