4 matches found
CVE-2025-15263
BiggiDroid Simple PHP CMS 1.0 is affected in the Admin Login component, specifically the file /admin/login.php. The vulnerability allows SQL injection by manipulating the Username argument, with remote execution and publicly available exploit code. Multiple sources corroborate the issue, includin...
CVE-2025-15495
CVE-2025-15495 affects BiggiDroid Simple PHP CMS 1.0. The vulnerability is in the admin function/file /admin/editsite.php where manipulation of the argument image enables an unrestricted file upload. The issue can be exploited remotely, and publicly available exploit evidence exists (e.g., exploi...
CVE-2025-15169
The CVE-2025-15169 entry concerns BiggiDroid Simple PHP CMS 1.0. Affected functionality is in /admin/editsite.php; manipulating the ID parameter can cause SQL injection. The issue is exploitable remotely and an exploit has been publicly released. Red Hat and other connected records corroborate th...
CVE-2025-15262
CVE-2025-15262 affects BiggiDroid Simple PHP CMS 1.0, in the Site Logo Handler component (file /admin/edit.php). Manipulating the image argument reportedly yields unrestricted upload, enabling remote exploitation. Multiple sources confirm the exploit has been released publicly and may be exploite...