A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as 95c3e23856465d202e6aec10bdb6ee0688b5305a. It is advisable to implement a patch to correct this issue.
References
| Link | Resource |
|---|---|
| https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.dm5ttliupfqn | Exploit Third Party Advisory |
| https://github.com/JhumanJ/OpnForm/pull/900/commits/95c3e23856465d202e6aec10bdb6ee0688b5305a | Patch |
| https://vuldb.com/?ctiid.327373 | Permissions Required VDB Entry |
| https://vuldb.com/?id.327373 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.666877 | Third Party Advisory VDB Entry |
Configurations
History
09 Oct 2025, 16:19
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:jhumanj:opnform:*:*:*:*:*:*:*:* | |
| References | () https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.dm5ttliupfqn - Exploit, Third Party Advisory | |
| References | () https://github.com/JhumanJ/OpnForm/pull/900/commits/95c3e23856465d202e6aec10bdb6ee0688b5305a - Patch | |
| References | () https://vuldb.com/?ctiid.327373 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.327373 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.666877 - Third Party Advisory, VDB Entry | |
| First Time |
Jhumanj
Jhumanj opnform |
08 Oct 2025, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-08 06:15
Updated : 2025-10-09 16:19
NVD link : CVE-2025-11436
Mitre link : CVE-2025-11436
CVE.ORG link : CVE-2025-11436
JSON object : View
Products Affected
jhumanj
- opnform