CVE-2025-70831

A Remote Code Execution RCE vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary...

CVE-2025-70831

A Remote Code Execution RCE vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary...

CVE-2025-70831

CVE-2025-70831 affects Smanga 3.2.7 and is due to improper sanitization of the mediaId parameter in the /php/path/rescan.php interface, where unsanitized input is used in a system shell command. This leads to remote code execution and can enable full server compromise by an unauthenticated attack...

PT-2026-21192

Name of the Vulnerable Software and Affected Versions Smanga version 3.2.7 Description The application does not properly sanitize user input in the mediaId parameter of the '/php/path/rescan.php' interface before it is used in a system shell command. This allows an unauthenticated attacker to...

Smanga SQL Injection Vulnerability

Smanga is a docker direct-installed comic streaming reading tool by lkw199711 individual developer. A SQL injection vulnerability exists in smanga 3.1.9 and earlier versions, which allows remote attackers to execute arbitrary code and obtain sensitive information via the mediaId, mangaId, and...