CVE-2025-0484
Published: 15 January 2025
Description
A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-0484 is a critical improper authorization vulnerability (CWE-266, CWE-285) in Fanli2012 native-php-cms version 1.0. The issue resides in the Backend component, specifically the unknown processing of the file /fladmin/sysconfig_doedit.php, which allows manipulation leading to improper authorization.
The vulnerability can be exploited remotely by unauthenticated attackers over the network with low attack complexity and no user interaction required, per its CVSS 3.1 score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation enables limited impacts on confidentiality, integrity, and availability.
Advisories referenced in VulDB entries and GitHub issues for the native-php-cms repository (e.g., https://github.com/Fanli2012/native-php-cms/issues/6) confirm the vulnerability details, noting that an exploit has been publicly disclosed and may be used. No patches or specific mitigations are detailed in the provided references.
Details
- CWE(s)