CVE-2025-1165

Severity CVSS v4.0:
MEDIUM
Type:
CWE-284 Improper Access Control
Publication date:
11/02/2025
Last modified:
18/02/2025

Description

A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.