CVE-2025-8119

Medium CVSS: 5.1

PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send a POST request changing currently logged user's password to defined by the attacker value. This issue affects all 3 templates: www, bip and www+bip.

This product is End-Of-Life and producent will not publish patches for this vulnerability.

Vendor

Widzialni

Product

Pad Cms

CWE

CWE-352

Yayın Tarihi

2025-09-30 11:37:44

Güncelleme

2025-11-26 14:40:55

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-352 Pad Cms MEDIUM Widzialni 2025

Referanslar

https://cert.pl/posts/2025/09/CVE-2025-7063

Benzer Kayıtlar

High

CVE-2025-8122

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQ…

Medium

CVE-2025-8118

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: login_count and login_timeout. Inf…

Critical

CVE-2025-8120

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remo…

High

CVE-2025-8121

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQ…

Critical

CVE-2025-7063

Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remot…

Critical

CVE-2025-7065

Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remo…