CVE-2025-44022

Critical CVSS: 9.8

An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.

Vendor

Product

CWE

Yayın Tarihi

2025-05-12 16:15:25

Güncelleme

2025-06-23 19:15:17

Source Identifier

cve@mitre.org

KEV Date Added

CWE-94 Vvveb CRITICAL Vvveb 2025

https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-44022 https://github.com/givanz/Vvveb/commit/dd74abcae88f658779f61338b9f4c123884eef0d https://github.com/givanz/Vvveb/issues/289 https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-44022 https://github.com/givanz/Vvveb/issues/289

High

CVE-2024-25183

givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.

Critical

CVE-2024-27480

givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.

Critical

CVE-2024-25182

givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.

Critical

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSR…

Medium

CVE-2025-12203

A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the fi…

Medium

CVE-2025-11944

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/control…