CVE-2025-4552 | ContiNew Admin up to 3.6.0 password unverified password change

Inserito da Angelo Barbosa | Mag 10, 2025 | CVE

A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change.

This vulnerability is known as CVE-2025-4552. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4552 | ContiNew Admin up to 3.6.0 password unverified password change

Post correlati

CVE-2024-10411 | SourceCodester Online Hotel Reservation System 1.0 controller.php id sql injection

CVE-2024-53734 | Idealien Studios Idealien Category Enhancements Plugin up to 1.2 on WordPress cross-site request forgery

CVE-2024-41476 | AMTT Hotel Broadband Operation System up to 3.0.3.151204 card_detail.php sql injection

CVE-2024-34891 | 1C-Bitrix Bitrix24 23.300.100 DAV Server Setting insufficiently protected credentials