Key Vulnerability Information

CVE ID: CVE-2025-15415
Vendor: xnx3
Product: wangmarket up to 6.4
Vulnerability Type: Unrestricted upload
Component: XML File Handler
Affected File: /sits/uploadImage.do
Vulnerability Severity: Critical

CVSS Scores:
- CVSSv3 Base Score: 4.7
- CVSSv2 Base Score: 4.2

Vulnerability Description:
- A manipulation of the argument in the function can lead to an unrestricted file upload vulnerability.

Exploit:
- Exploit code is available on GitHub.
- The attack can be executed remotely.
- Current exploit price range: $0-$5k.

Threat Intelligence:
- Interest level: Not specified.
- No active actors or APT groups identified.

Timeline:
- Vulnerability disclosed on 01/01/2026.
- VulDB entry created and last updated on 01/02/2026.

Mitigation:
- No recommended countermeasures provided.
- The vendor did not respond.

Additional Links:
- CVE-2025-15415
- GCVE-0-2025-15415
- GCVE-100-339336
- Scip Labs