97 matches found
CVE-2025-15398
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
EUVD-2025-206105
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2025-15398
Uasoft Badaso up to version 2.9.7 has a weakness in the forgetPassword path of the Token Handler (src/Controllers/BadasoAuthController.php). The vulnerability, described as a remote‑executable weakness in password recovery, arises from the forgetPassword function and is characterized by high atta...
CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
PT-2025-54460
Name of the Vulnerable Software and Affected Versions: Uasoft badaso versions up to 2.9.7. Description: A security issue exists in Uasoft badaso up to version 2.9.7 related to weak password recovery. The forgetPassword function within the src/Controllers/BadasoAuthController.php file of the Token...
Badaso Security Vulnerability
Badaso is an open source Laravel Vue headless CMS from Uasoft Open Source. A security vulnerability exists in Badaso 2.9.7 and earlier versions, which stems from a weak password recovery mechanism in the getPassword function in the Token Handler component file...
EUVD-2023-42730
Malicious code in bioql PyPI...
EUVD-2023-2230
Malicious code in bioql PyPI...
EUVD-2023-42729
Malicious code in bioql PyPI...
EUVD-2022-7093
Malicious code in bioql PyPI...
EUVD-2025-25830
Malicious code in bioql PyPI...
EUVD-2023-42733
Malicious code in bioql PyPI...
EUVD-2023-42732
Malicious code in bioql PyPI...
EUVD-2022-7337
Malicious code in bioql PyPI...
Arbitrary Code Execution
badaso/core is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper content-type validation in the Media Manager file-upload endpoint, which allows an attacker to upload PHP files disguised as other formats and execute arbitrary system commands, leading to full host...
CVE-2025-52353
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload,...
Arbitrary File Upload
Overview: badaso/core is an API and platform builder. Affected versions of this package are vulnerable to Arbitrary File Upload via the file-upload process. An attacker can execute arbitrary code on the server by uploading a file containing embedded PHP code, bypassing content-type validation, and...