CVE-2025-15197 — Improper Access Control in Content Management System

CWE-284 — Improper Access Control CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

0.1%

top 83.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anirbandutta9 Content Management System Anirbandutta9 News-buzz Code-projects Content Management System +2 more

Timeline

PublishedDec 29

Description

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages6 packages

▶CVEListV5code-projects/content_management_system1.0

▶NVDcode-projects/content_management_system1.0

▶CVEListV5code-projects/news-buzz1.0

▶CVEListV5anirbandutta9/content_management_system1.0

▶CVEListV5anirbandutta9/news-buzz1.0

🔴Vulnerability Details

CVEList

code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload↗2025-12-29

▶

GHSA

GHSA-2g7v-6q7q-7mp6: A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1↗2025-12-29

▶