4 matches found
CVE-2025-8122
Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability...
CVE-2025-7065
The CVE-2025-7065 entry involves PAD CMS photo upload where a client-controlled permission-check parameter allows unauthenticated remote attackers to upload files of any type/extension, potentially leading to Remote Code Execution. Affected are all three templates: www, bip, and ww+bip. The under...
CVE-2025-7065 Remote Code Execution via Unrestricted File Upload in PAD CMS
Due to a client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www,...
CVE-2025-7063 Remote Code Execution via Unrestricted File Upload in PAD CMS
Due to a client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, b...