Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

lkw199711

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-70831
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 52.39%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 00:00
Updated-26 Feb, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary operating system commands, leading to complete server compromise.

Action-Not Available
Vendor-lkw199711n/a
Product-smangan/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-70833
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.10% / 27.19%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 00:00
Updated-26 Feb, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php.

Action-Not Available
Vendor-lkw199711n/a
Product-smangan/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-34193
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.81%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:32
Updated-27 Feb, 2026 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.

Action-Not Available
Vendor-lkw199711n/apocketmanga
Product-smangan/asmanga
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')