CVE-2025-10014

Low CVSS: 2.3

A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is said to be difficult. The exploit has been published and may be used. It is required to know the RSA-encrypted password of the attacked user account.

Vendor

Eladmin

Product

Eladmin

CWE

CWE-266

Yayın Tarihi

2025-09-05 18:15:37

Güncelleme

2025-10-31 14:47:01

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-266 Eladmin LOW Eladmin 2025

Referanslar

https://vuldb.com/?ctiid.322739 https://vuldb.com/?id.322739 https://vuldb.com/?submit.643840 https://www.cnblogs.com/aibot/p/19063332

Benzer Kayıtlar

Medium

CVE-2025-70997

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password…

Medium

CVE-2025-10084

A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /a…

Medium

CVE-2025-9241

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation caus…

Medium

CVE-2025-9240

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of…

Medium

CVE-2025-9239

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils…

Medium

CVE-2025-8530

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue…