CVE-2025-5512 | quequnlong shiyi-blog up to 1.2.1 Administrator Backend verifyPassword improper authentication

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication.

This vulnerability is traded as CVE-2025-5512. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5512 | quequnlong shiyi-blog up to 1.2.1 Administrator Backend verifyPassword improper authentication

Post correlati

CVE-2024-7738 | yzane vscode-markdown-pdf 1.5.0 Markdown File pathname traversal

CVE-2024-9374 | Terms Descriptions Plugin up to 3.4.6 on WordPress cross site scripting

CVE-2024-36259 | Odoo Community/Enterprise up to 17.0 access control (Issue 199330)

CVE-2024-34765 | Sensei Pro WC Paid Courses Plugin up to 4.23.1.1.23.1 on WordPress cross site scripting