5 matches found
CVE-2025-70833
An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user including the administrator and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php...
VulnCheck KEV: CVE-2024-34193
smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading...
CVE-2024-34193
smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading...
PT-2024-25731 · Smanga · Smanga
Name of the Vulnerable Software and Affected Versions: smanga version 3.2.7 Description: The issue is related to a path traversal vulnerability. It occurs because the file parameter at the "PHP/get file flow.php" interface is not properly filtered, allowing for arbitrary file reading...
CVE-2023-36076
SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php...