CVE Identifier: CVE-2025-13949 Vendor and Product: ProudMuBai GoFilm 1.0.0/1.0.1 Vulnerability Type: Unrestricted File Upload Affected Function: in Risk Score (CVSS): 5.7 Exploit Availability: Publicly available proof-of-concept on GitHub Impact: - Manipulation of the argument leads to unrestricted file upload - Potential impact on confidentiality, integrity, and availability Vendor Response: No response from the vendor Classification: CWE-434 (Improper Control of Generation of Code ('Code Injection')) Attack Technique: T1608.002 (MITRE ATT&CK Framework) Summary: Critical vulnerability allows remote attackers to upload dangerous files, impacting the application's security.