PT-2025-10792 · Unknown · Media Manager

Erpaciocco

Published

2025-02-25

Updated

2025-03-24

CVE-2025-22213

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined.

Description: Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

BDU:2025-13377

CVE-2025-22213

Affected Products

Media Manager

PT-2025-10792 · Unknown · Media Manager

CVE-2025-22213

Weakness Enumeration

Related Identifiers

Affected Products

References · 5