CVE-2025-70833

Critical CVSS: 9.4

An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php.

Vendor

Lkw199711

Product

Smanga

CWE

CWE-287

Yayın Tarihi

2026-02-20 17:25:50

Güncelleme

2026-02-26 21:30:37

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-287 Smanga CRITICAL Lkw199711 2026

Referanslar

https://github.com/LX-66-LX/cve/issues/4