CVE-2025-0722 | needyamin image_gallery 1.0 Cover Image /admin/gallery.php image unrestricted upload

A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload.

This vulnerability was named CVE-2025-0722. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-0722 | needyamin image_gallery 1.0 Cover Image /admin/gallery.php image unrestricted upload

Post correlati

CVE-2024-3868 | Folders Pro Plugin up to 3.0.2 on WordPress First Name/Last Name cross site scripting

CVE-2024-1418 | CGC Maintenance Mode Plugin up to 1.2 on WordPress information disclosure

CVE-2024-5279 | Qiwen Netdisk up to 1.4.0 File Rename cross site scripting (I8W3H2)

CVE-2024-47819 | Umbraco CMS up to 14.3.0 Dictionary Section cross site scripting (GHSA-c5g6-6xf7-qxp3)