2 matches found
CVE-2025-70831
A Remote Code Execution RCE vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary...
CVE-2025-70831
CVE-2025-70831 affects Smanga 3.2.7 and is due to improper sanitization of the mediaId parameter in the /php/path/rescan.php interface, where unsanitized input is used in a system shell command. This leads to remote code execution and can enable full server compromise by an unauthenticated attack...