CVE-2025-0482
Published: 15 January 2025
Description
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-0482 is a vulnerability classified as critical in Fanli2012 native-php-cms version 1.0, affecting an unknown part of the file /fladmin/user_recoverpwd.php. The issue stems from the use of default credentials, as detailed in the CVE description published on 2025-01-15. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is associated with CWE-1392 and NVD-CWE-Other.
The vulnerability enables remote attackers with no privileges or user interaction to exploit the affected endpoint through manipulation, potentially leveraging default credentials for unauthorized access. Successful exploitation could result in low-level impacts to confidentiality, integrity, and availability.
Advisories reference GitHub issues at https://github.com/Fanli2012/native-php-cms/issues/4 and https://github.com/Fanli2012/native-php-cms/issues/4#issue-2769866348, along with VulDB entries including https://vuldb.com/?ctiid.291927, https://vuldb.com/?id.291927, and https://vuldb.com/?submit.475237. The exploit has been publicly disclosed and may be used.
Details
- CWE(s)