Lkw199711 Smanga vulnerabilities
3 known vulnerabilities affecting lkw199711/smanga.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 1
Vulnerabilities
CVE-2024-34193 | P2 | HIGH | CVSS 7.5 | CWE-22 | Exploited | v3.2.7 | 2024-05-20
smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.
Source: NVD
CVE-2025-70831 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | v3.2.7 | 2026-02-20
A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary operating system commands, leading to complete ser
Source: NVD
CVE-2025-70833 | P2 | CRITICAL | CVSS 9.4 | CWE-287 | v3.2.7 | 2026-02-20
An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully take over the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php.
Source: NVD