CVE-2025-8122

High CVSS: 8.7

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip.

This product is End-Of-Life and producent will not publish patches for this vulnerability.

Vendor

Widzialni

Product

Pad Cms

CWE

CWE-89

Yayın Tarihi

2025-09-30 11:37:45

Güncelleme

2025-11-26 14:36:51

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-89 Pad Cms HIGH Widzialni 2025

Referanslar

https://cert.pl/posts/2025/09/CVE-2025-7063

Benzer Kayıtlar

Medium

CVE-2025-8118

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: login_count and login_timeout. Inf…

Medium

CVE-2025-8119

PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft spec…

Critical

CVE-2025-8120

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remo…

High

CVE-2025-8121

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQ…

Critical

CVE-2025-7063

Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remot…

Critical

CVE-2025-7065

Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remo…