CVE-2025-10764 | SeriaWei ZKEACMS up to 4.3 Event Action System PendingTaskController.cs Edit Data server-side request forgery

Inserito da Angelo Barbosa | Set 20, 2025 | CVE

A vulnerability labeled as critical has been found in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery.

This vulnerability is listed as CVE-2025-10764. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10764 | SeriaWei ZKEACMS up to 4.3 Event Action System PendingTaskController.cs Edit Data server-side request forgery

Post correlati

CVE-2024-20473 | Cisco Secure Firewall Management Center Software sql injection (cisco-sa-fmc-sql-inj-LOYAFcfq)

CVE-2022-40744 | IBM Aspera Faspex 5.0.6 Web UI cross site scripting (XFDB-236441)

CVE-2024-13035 | code-projects Chat System 1.0 /admin/update_user.php id sql injection

CVE-2025-11582 | code-projects Online Job Search Engine 1.0 /registration.php txtusername sql injection