CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3843 – panhainan DS-Java cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-3843
21 Apr 2025 — A vulnerability was found in panhainan DS-Java 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. • https://github.com/caigo8/CVE-md/blob/main/DS-Java/CSRF.md • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3842 – panhainan DS-Java FileUpload.java uploadUserPic.action code injection
https://notcve.org/view.php?id=CVE-2025-3842
21 Apr 2025 — A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/caigo8/CVE-md/blob/main/DS-Java/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0RCE.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •