Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-5007— Part-DB Profile Picture Feature AttachmentSubmitHandler.php handleUpload cross site scripting

CVSS 3.5 · Low EPSS 0.18% · P40
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-5007

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Part-DB Profile Picture Feature AttachmentSubmitHandler.php handleUpload cross site scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.17.1 is able to address this issue. The identifier of the patch is 2c4f44e808500db19c391159b30cb6142896d415. It is recommended to upgrade the affected component.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Part-DB 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Part-DB是Part-DB开源的一个基于 Web 的数据库,用于管理电子元件。 Part-DB 1.17.0及之前版本存在代码注入漏洞,该漏洞源于文件src/Services/Attachments/AttachmentSubmitHandler.php对参数attachment处理不当,可能导致跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Part-DB 1.0 -

II. Public POCs for CVE-2025-5007

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-5007

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-05-20 · 22 CVEs total

CVE-2025-412317.3 HIGHVMware Cloud Foundation Missing Authorisation Vulnerability
CVE-2025-44887PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44897PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44891PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44898PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44894PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44896PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44883PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44882WAVLINK WL-WN579A3 安全漏洞
CVE-2025-44880WAVLINK WL-WN579A3 安全漏洞
CVE-2025-44886PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-45862TOTOLINK A3002R 安全漏洞
CVE-2025-44881WAVLINK WL-WN579A3 安全漏洞
CVE-2025-44888PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44884PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44885PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44893PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44890PLANET FW-WGS-804HPT 安全漏洞
CVE-2025-44084D-Link DI-8100 安全漏洞
CVE-2025-26086RSI Queue Management System 安全漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Part-DB
Same vendor: n/a
Same weakness: CWE-79

V. Comments for CVE-2025-5007

No comments yet

Leave a comment