CVE-2025-15495

HIGH WAF: Medium

CVSS 7.2 Published: 2026-01-09

CWE-434 CWE-434

A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

WAF Coverage Analysis

Unrestricted File Upload Medium WAF Coverage

OWASP: A04:2021 Insecure Design

930xxx - Local File Inclusion

Unrestricted File Upload Medium WAF Coverage

OWASP: A04:2021 Insecure Design

930xxx - Local File Inclusion

Affected Software

Vendor	Product	Version
biggidroid	simple_php_cms	1.0

References

gitee.com (Exploit, Issue Tracking)
github.com (Exploit, Third Party Advisory)
vuldb.com (Permissions Required, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)

Back to CVE Database