CVE-2025-65472

High CVSS: 8.8

A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page.

Vendor

Easyimages2.0 Project

Product

Easyimages2.0

CWE

CWE-352

Yayın Tarihi

2025-12-11 17:15:57

Güncelleme

2025-12-15 19:29:07

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-352 Easyimages2.0 HIGH Easyimages2.0 Project 2025

Referanslar

https://congsec.cn/?id=20251104215007-yjddwx1 https://gist.github.com/CongSec/a6c8b15878f19647dbd26c22b47bac65

Benzer Kayıtlar

Critical

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows att…

High

CVE-2025-65471

An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows att…

Critical

CVE-2025-65473

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attac…

Medium

CVE-2025-13415

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php…