PT-2026-21193 · Smanga · Smanga

Published: 2026-02-20 · Updated: 2026-02-23 · CVE-2025-70833

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions

Smanga version 3.2.7

Description

An authentication bypass exists in Smanga version 3.2.7. An unauthenticated attacker can reset the password of any user, including the administrator, and fully compromise the account. The bypass works by manipulating POST parameters handled by check-power.php, which validates permissions insecurely. The vulnerable component is the check-power.php file.

Recommendations

Update to a newer version of Smanga that addresses this issue. As a temporary workaround, restrict access to the check-power.php file.
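
One way to check whether the temporary workaround is holding, as an added example (not code from this advisory or from Smanga): a Python audit of web access logs that flags POST requests to check-power.php from clients outside trusted networks. The log format, the trusted ranges and the `/example-dir/` path are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: access logs are in Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: networks still allowed to reach the file after the workaround.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]
ENDPOINT = "check-power.php"  # named in the advisory; its directory is not stated

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable client field: treat as untrusted
    return any(addr in net for net in TRUSTED)

def flag_requests(lines):
    """Return (ip, timestamp, status) for POSTs to ENDPOINT from untrusted clients."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or is_trusted(m["ip"]):
            continue
        # Decode percent-escapes and match any path segment, so encoded names
        # and trailing PATH_INFO (/check-power.php/x) are not missed.
        segments = unquote(m["target"].split("?", 1)[0]).lower().split("/")
        if ENDPOINT in segments:
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

def served(hits):  # answered without an error status: the restriction did not apply
    return [h for h in hits if h[2] < 400]

# Constructed sample lines; "/example-dir/" is a placeholder path.
SAMPLE = [
    '203.0.113.7 - - [21/Feb/2026:10:01:02 +0000] "POST /example-dir/check-power.php HTTP/1.1" 200 57',
    '203.0.113.7 - - [21/Feb/2026:10:01:09 +0000] "POST /example-dir/check%2Dpower.php/x HTTP/1.1" 403 0',
    '10.0.0.5 - - [21/Feb/2026:10:02:00 +0000] "POST /example-dir/check-power.php HTTP/1.1" 200 57',
    '198.51.100.9 - - [21/Feb/2026:10:03:00 +0000] "GET /example-dir/check-power.php HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for ip, ts, status in served(flag_requests(SAMPLE)):
        print(f"{ts} {ip} POST {ENDPOINT} -> {status} (not blocked)")
```

Entries returned by `served` are requests the server answered despite the restriction; on a version that is still 3.2.7, follow them up by reviewing account password changes around the same timestamps.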

Exploit · Fix · IDOR · Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2025-70833

Affected Products: Smanga