97 matches found
CVE-2025-15398
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
EUVD-2025-206105
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2025-15398
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2025-15398
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2025-15398
Uasoft Badaso up to version 2.9.7 has a weakness in the forgetPassword path of the Token Handler (src/Controllers/BadasoAuthController.php). The vulnerability, described as a remote‑executable weakness in password recovery, arises from the forgetPassword function and is characterized by high atta...
PT-2025-54460
Name of the Vulnerable Software and Affected Versions Uasoft badaso versions up to 2.9.7 Description A security issue exists in Uasoft badaso up to version 2.9.7 related to weak password recovery. The forgetPassword function within the src/Controllers/BadasoAuthController.php file of the Token...
Badaso 安全漏洞
Badaso is an open source Laravel Vue headless CMS from Uasoft Open Source. A security vulnerability exists in Badaso 2.9.7 and earlier versions, which stems from a weak password recovery mechanism in the getPassword function in the Token Handler component file...
EUVD-2023-42733
Malicious code in bioql PyPI...
EUVD-2022-7093
Malicious code in bioql PyPI...
EUVD-2025-25830
Malicious code in bioql PyPI...
EUVD-2022-7337
Malicious code in bioql PyPI...
EUVD-2023-42729
Malicious code in bioql PyPI...
EUVD-2023-42732
Malicious code in bioql PyPI...
EUVD-2023-42730
Malicious code in bioql PyPI...
EUVD-2023-2230
Malicious code in bioql PyPI...
Arbitrary Code Execution
badaso/core is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper content-type validation in the Media Manager file-upload endpoint, which allows an attacker to upload PHP files disguised as other formats and execute arbitrary system commands, leading to full host...
CVE-2025-52353
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload,...
GHSA-GQP9-JH35-439M Badaso CMS file upload vulnerability
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload,...