CVE-2025-65473

Critical CVSS: 9.1

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name.

Vendor

Easyimages2.0 Project

Product

Easyimages2.0

CWE

CWE-73

Yayın Tarihi

2025-12-11 17:15:57

Güncelleme

2025-12-15 19:28:47

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-73 Easyimages2.0 CRITICAL Easyimages2.0 Project 2025

Referanslar

https://congsec.cn?id=20251103235610-7t4en7j https://gist.github.com/CongSec/107b9cab6dd1cb297a738f11e2b2dbb6

Benzer Kayıtlar

Critical

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows att…

High

CVE-2025-65471

An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows att…

High

CVE-2025-65472

A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows atta…

Medium

CVE-2025-13415

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php…