CVE-2025-46359

High CVSS: 8.6

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.

Vendor

Alfasado

Product

Powercms

CWE

CWE-22

Yayın Tarihi

2025-07-31 08:15:25

Güncelleme

2025-08-06 16:42:31

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-22 Powercms HIGH Alfasado 2025

Referanslar

https://jvn.jp/en/vu/JVNVU93412964/ https://www.powercms.jp/news/release-powercms-671-531-461.html

Benzer Kayıtlar

Medium

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malform…

Medium

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malici…

Medium

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a maliciou…

Medium

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwri…

Medium

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesse…