CVE-2025-10764 | SeriaWei ZKEACMS up to 4.3 Event Action System PendingTaskController.cs Edit Data server-side request forgery

Inserito da Angelo Barbosa | Set 20, 2025 | CVE

A vulnerability labeled as critical has been found in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery.

This vulnerability is listed as CVE-2025-10764. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10764 | SeriaWei ZKEACMS up to 4.3 Event Action System PendingTaskController.cs Edit Data server-side request forgery

Post correlati

CVE-2024-56737 | GNU Grub2 up to 2.12 HFS Filesystem fs/hfs.c heap-based overflow

CVE-2025-6621 | TOTOLINK CA300-PoE 6.2c.884 ap.so QuickSetting hour/minute os command injection

CVE-2024-33807 | campcodes Complete Web-Based School Management System 1.0 get_teacher_timetable.php grade sql injection

CVE-2025-22820 | Daniel Walmsley VR Views Plugin up to 1.5.1 on WordPress cross site scripting