CVE-2025-11029

Medium CVSS: 5.3

A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."

Vendor

Vvveb

Product

Vvveb

CWE

CWE-352

Yayın Tarihi

2025-09-26 17:15:34

Güncelleme

2025-10-07 18:49:56

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-352 Vvveb MEDIUM Vvveb 2025

Referanslar

https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423 https://vuldb.com/?ctiid.325967 https://vuldb.com/?id.325967 https://vuldb.com/?submit.657188 https://vuldb.com/?submit.657190 https://vuldb.com/?submit.657191 https://vuldb.com/?submit.657192 https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423

Benzer Kayıtlar

High

CVE-2024-25183

givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.

Critical

CVE-2024-27480

givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.

Critical

CVE-2024-25182

givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.

Critical

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSR…

Medium

CVE-2025-12203

A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the fi…

Medium

CVE-2025-11944

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/control…