CVE-2025-7063

Critical CVSS: 10.0

Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, bip and ww+bip.

This product is End-Of-Life and producent will not publish patches for this vulnerability.

Vendor

Widzialni

Product

Pad Cms

CWE

CWE-434

Yayın Tarihi

2025-09-30 11:37:43

Güncelleme

2025-11-26 14:42:30

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-434 Pad Cms CRITICAL Widzialni 2025

Referanslar

https://cert.pl/posts/2025/09/CVE-2025-7063

Benzer Kayıtlar

High

CVE-2025-8122

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQ…

Medium

CVE-2025-8118

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: login_count and login_timeout. Inf…

Medium

CVE-2025-8119

PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft spec…

Critical

CVE-2025-8120

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remo…

High

CVE-2025-8121

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQ…

Critical

CVE-2025-7065

Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remo…