cbcvebase.

Winterchens My-Site vulnerabilities

5 known vulnerabilities affecting winterchens/my-site.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2

Vulnerabilities

Page 1 of 1
CVE-2025-50904P2CRITICALCVSS 9.8≤ 2025-06-112025-08-20
CVE-2025-50904 [CRITICAL] CWE-288 CVE-2025-50904: There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06- There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token.
nvd
CVE-2025-8838P2CRITICALCVSS 9.8v2025-06-11v1f7525f15934d9d6a278de967f6ec9f1757738d82025-08-11
CVE-2025-8838 [CRITICAL] CWE-287 CVE-2025-8838: A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to
nvd
CVE-2024-53496P3CRITICALCVSS 9.8v2024-08-272025-08-22
CVE-2024-53496 [CRITICAL] CWE-284 CVE-2024-53496: Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to acce Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
nvd
CVE-2024-57152P3HIGHCVSS 7.5v1.0.22025-08-20
CVE-2024-57152 [HIGH] CWE-284 CVE-2024-57152: Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sens Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class
nvd
CVE-2024-53495P3HIGHCVSS 7.5v1.0.22025-08-20
CVE-2024-53495 [HIGH] CWE-284 CVE-2024-53495: Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to acc Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
nvd
Winterchens My-Site vulnerabilities | cvebase