Smanga

smanga

Vendor: Lkw199711 • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-70833 1Lkw199711 1Smanga Feb 26, 2026 Feb 20, 2026 N/A· v4 9.4 CRITICAL· v3 N/A· v2 An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. Th...Show more An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php.Show less
CVE-2025-70831 1Lkw199711 1Smanga Feb 26, 2026 Feb 20, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a sy...Show more A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary operating system commands, leading to complete server compromise.Show less
CVE-2024-34193 1Lkw199711 1Smanga Feb 27, 2026 May 20, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.