CVE-2024-25181

Critical CVSS: 9.1

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file.

Vendor

Vvveb

Product

Vvvebjs

CWE

CWE-918

Yayın Tarihi

2025-12-29 20:15:40

Güncelleme

2026-01-07 14:50:45

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-918 Vvvebjs CRITICAL Vvveb 2025

Referanslar

https://gist.github.com/joaoviictorti/69cbae23d98fb9a1a4b3eee0c305c7de https://gist.github.com/joaoviictorti/69cbae23d98fb9a1a4b3eee0c305c7de

Benzer Kayıtlar

High

CVE-2024-25183

givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.

Critical

CVE-2024-27480

givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.

Critical

CVE-2024-25182

givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.

Medium

CVE-2025-12203

A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the fi…

Medium

CVE-2025-11944

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/control…

Medium

CVE-2025-11029

A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipul…