CVE-2025-14532
CRITICAL WAF: Medium
CVSS 9.8
Published: 2026-03-02
CWE-434
DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| studiofabryka | dorbycms | 1.0 - 5.0 |
References
- cert.pl (Third Party Advisory)