CVE-2025-8117

High CVSS: 8.7

PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all 3 templates: www, bip and www+bip.

This product is End-Of-Life and producent will not publish patches for this vulnerability.

Vendor

Widzialni

Product

Pad Cms

CWE

CWE-909

Yayın Tarihi

2025-09-30 11:37:43

Güncelleme

2025-11-26 14:41:41

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-909 Pad Cms HIGH Widzialni 2025

Referanslar

https://cert.pl/posts/2025/09/CVE-2025-7063

Benzer Kayıtlar

High

CVE-2025-8122

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQ…

Medium

CVE-2025-8118

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: login_count and login_timeout. Inf…

Medium

CVE-2025-8119

PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft spec…

Critical

CVE-2025-8120

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remo…

High

CVE-2025-8121

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQ…

Critical

CVE-2025-7063

Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remot…