CVE-2025-1186 | dayrui XunRuiCMS up to 4.6.4 /Control/Api/Api.php thumb deserialization

Inserito da Angelo Barbosa | Feb 10, 2025 | CVE

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization.

This vulnerability was named CVE-2025-1186. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-1186 | dayrui XunRuiCMS up to 4.6.4 /Control/Api/Api.php thumb deserialization

Post correlati

CVE-2024-10226 | Arconix Shortcodes Plugin up to 2.1.13 on WordPress Shortcode box cross site scripting

CVE-2024-2311 | Avada Plugin up to 7.11.6 on WordPress Shortcode cross site scripting

CVE-2023-49473 | Shenzhen JF6000 Cloud Media Collaboration Processing Platform access control

CVE-2024-31100 | Festi-Team Popup Cart Lite for WooCommerce Plugin up to 1.1 on WordPress cross-site request forgery