CVE-2025-0484

Published: Jan 15, 2025Modified: Feb 27, 2025

6.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Fanli2012: Native Php Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fanli2012 Native Php Cms	Version 1.0

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (5)

https://github.com/Fanli2012/native-php-cms/issues/6

Source: cna@vuldb.com

ExploitIssue Tracking

https://github.com/Fanli2012/native-php-cms/issues/6#issue-2769903928

Source: cna@vuldb.com

ExploitIssue Tracking

https://vuldb.com/?ctiid.291929

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.291929

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.475245

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.