CVE-2025-2671

A vulnerability was found in Yue Lao Blind Box ???? up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt