Overview: CVE-2025-13791 describes a path traversal vulnerability discovered in Scada-LTS (Long Term Support) versions up to 2.7.8.1. This vulnerability resides within the Project Import functionality and can be exploited remotely. The vendor was notified but did not respond.
Technical Details: The vulnerability is located in the Common.getHomeDir function within the br/org/scadabr/vo/exporter/ZIPProjectManager.java file. By manipulating input during the Project Import process, an attacker can inject arbitrary paths, allowing them to read or potentially overwrite files outside the intended directory. This type of vulnerability is commonly known as a Zip Slip vulnerability. The exploit is publicly available.
CVSS Analysis: The Common Vulnerability…
-
Overview: A Cross-Site Request Forgery (CSRF) vulnerability, identified as CVE-2025-13790, has been discovered in Scada-LTS versions up to 2.7.8.1. This vulnerability allows an attacker to potentially execute unauthorized actions on behalf of a legitimate user without their knowledge. The vendor was notified but did not respond. Public exploits are available, increasing the risk to Scada-LTS deployments.
Technical Details: CVE-2025-13790 affects an unspecified function within Scada-LTS. By crafting a malicious web page or link, an attacker can trick a logged-in user into inadvertently sending requests that perform actions on the Scada-LTS system. This could include modifying configurations, adding or deleting users,…
-
Overview: CVE-2025-13789 describes a Server-Side Request Forgery (SSRF) vulnerability found in ZenTao, specifically affecting versions up to 21.7.6-8564. This vulnerability resides within the makeRequest function of the module/ai/model.php file. By manipulating the Base argument, attackers can potentially force the ZenTao server to make requests to arbitrary internal or external destinations, leading to information disclosure or other malicious activities. A public exploit is available, making immediate action crucial.
Technical Details: The vulnerability lies in the insufficient validation and sanitization of the Base parameter within the makeRequest function. An attacker can exploit this by injecting a malicious URL into the Base parameter,…
-
Overview: A high-severity SQL injection vulnerability, identified as CVE-2025-13788, has been discovered in Chanjet CRM versions up to 20251106. This flaw allows a remote attacker to execute arbitrary SQL commands, potentially leading to data breaches, system compromise, and other severe consequences. The vulnerability is actively exploitable and a proof-of-concept (PoC) is publicly available. The vendor has been unresponsive to initial disclosure attempts.
Technical Details: The vulnerability exists in the /tools/upgradeattribute.php file. Specifically, the gblOrgID parameter is susceptible to SQL injection. An attacker can manipulate this parameter in a crafted request to inject malicious SQL code, allowing them to bypass security…
-
Overview: CVE-2025-13787 is a medium severity vulnerability affecting ZenTao project management software, specifically versions up to 21.7.6-8564. This flaw allows remote attackers to potentially delete arbitrary files due to improper privilege management in the file deletion functionality. Successful exploitation of this vulnerability could lead to data loss and disruption of project workflows. Immediate action is recommended to mitigate this risk.
Technical Details: The vulnerability resides within the file::delete function located in the module/file/control.php file of the ZenTao application. The issue stems from insufficient validation of the fileID argument when attempting to delete a file. A malicious actor could manipulate this…
-
Overview: A high-severity code injection vulnerability, identified as CVE-2025-13786, has been discovered in WTCMS. This flaw allows a remote attacker to inject arbitrary code by manipulating the content argument in the fetch function of the /index.php file. The vulnerability affects versions up to commit 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Exploit code is publicly available, increasing the urgency for users to assess and address this risk. Notably, the vendor has not responded to disclosure attempts. Given WTCMS’s continuous delivery model with rolling releases, specific affected versions and patch details are unavailable.
Technical Details: The vulnerability resides within the fetch function of the /index.php file in…
-
Overview: CVE-2025-13785 describes a medium severity information disclosure vulnerability found in yungifez Skuul School Management System up to version 2.6.5. The vulnerability resides in the image handler component’s processing of the /user/profile file. A remote attacker can exploit this issue to potentially gain access to sensitive user information. The vendor has been contacted, but there has been no response.
Technical Details: The vulnerability exists due to insufficient input validation and sanitization when handling image uploads or processing profile information via the /user/profile endpoint. An attacker can manipulate image parameters or other profile-related data sent to this endpoint, leading to the…
-
Overview: A Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-13784, has been discovered in yungifez Skuul School Management System up to version 2.6.5. This vulnerability allows an attacker to inject malicious scripts into the application, potentially compromising user data and application functionality. The vendor was notified but did not respond.
Technical Details: The vulnerability resides within the SVG File Handler, specifically affecting the /dashboard/schools/1/edit endpoint. By manipulating this endpoint, a remote attacker can inject malicious scripts that are then executed within the context of other users’ browsers. This is a stored XSS vulnerability, meaning the malicious script is stored on the…
-
Overview: A significant security vulnerability, identified as CVE-2025-13783, has been discovered in taosir WTCMS. This flaw, affecting versions up to commit hash 01a5f68a3dfc2fdddb44eed967bb2d4f60487665, allows for remote SQL injection attacks. The vendor was notified but did not respond.
Technical Details: The vulnerability resides within the CommentadminController.class.php file, specifically in the check/uncheck/delete functions of the application/Comment/Controller/ component. By manipulating the ids argument, a remote attacker can inject malicious SQL queries. The lack of proper input sanitization allows for arbitrary database manipulation, potentially leading to data breaches, unauthorized access, or complete system compromise.
CVSS Analysis: The Common Vulnerability Scoring System (CVSS) assigns this…
-
Overview: CVE-2025-66433 describes a medium-severity security vulnerability affecting HTCondor Access Point. Specifically, versions before 24.12.14, 25.0.3, and 25.3.1 are susceptible to user impersonation. An authenticated user can potentially impersonate other users on the same local machine by submitting a specially crafted batch job. This vulnerability has been addressed in versions 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3.
Technical Details: The vulnerability stems from insufficient validation of user identity during batch job submission within the HTCondor Access Point. An authenticated user can manipulate certain parameters within the job submission process to assume the identity of another local user.…