PT-2025-4022 · Unknown · Needyamin Image Gallery
Maloy Roy Orko +1 · Published 2025-01-26 · Updated 2025-02-25 · CVE-2025-0722
CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
needyamin image gallery version 1.0
Description
A critical issue was found in the Cover Image Handler component of the file /admin/gallery.php, allowing for unrestricted upload through the manipulation of the image argument. This can be initiated remotely. The issue has been publicly disclosed, and the vendor was contacted but did not respond.
Recommendations
needyamin image gallery version 1.0: Avoid using the Cover Image Handler component until a fix is provided by the vendor, and consider implementing alternative security measures to prevent unrestricted uploads.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Related Identifiers
Affected Products
Needyamin Image Gallery