TROYANOSYVIRUS
Voltar para CVEs

CVE-2025-8838

HIGH
7.3

Descricao

A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The code maintainer responded to the issue that "[he] tried it, and using this link automatically redirects to the login page."

Detalhes CVE

Pontuacao CVSS v3.17.3
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/11/2025
Ultima modificacao9/11/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

winterchens:my-site

Fraquezas (CWE)

CWE-287

Referencias

https://github.com/WinterChenS/my-site/issues/97(cna@vuldb.com)
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791(cna@vuldb.com)
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571(cna@vuldb.com)
https://vuldb.com/?ctiid.319372(cna@vuldb.com)
https://vuldb.com/?id.319372(cna@vuldb.com)
https://vuldb.com/?submit.622421(cna@vuldb.com)
https://github.com/WinterChenS/my-site/issues/97(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://vuldb.com/?submit.622421(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.