CVE-2025-10245
4.8
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Summary
A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component Galeria Page. The manipulation of the argument current_folder results in path traversal. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Display Painéis | TGA | 7.1.0 | affected |
| Display Painéis | TGA | 7.1.1 | affected |
| Display Painéis | TGA | 7.1.2 | affected |
| Display Painéis | TGA | 7.1.3 | affected |
| Display Painéis | TGA | 7.1.4 | affected |
| Display Painéis | TGA | 7.1.5 | affected |
| Display Painéis | TGA | 7.1.6 | affected |
| Display Painéis | TGA | 7.1.7 | affected |
| Display Painéis | TGA | 7.1.8 | affected |
| Display Painéis | TGA | 7.1.9 | affected |
| Display Painéis | TGA | 7.1.10 | affected |
| Display Painéis | TGA | 7.1.11 | affected |
| Display Painéis | TGA | 7.1.12 | affected |
| Display Painéis | TGA | 7.1.13 | affected |
| Display Painéis | TGA | 7.1.14 | affected |
| Display Painéis | TGA | 7.1.15 | affected |
| Display Painéis | TGA | 7.1.16 | affected |
| Display Painéis | TGA | 7.1.17 | affected |
| Display Painéis | TGA | 7.1.18 | affected |
| Display Painéis | TGA | 7.1.19 | affected |
| Display Painéis | TGA | 7.1.20 | affected |
| Display Painéis | TGA | 7.1.21 | affected |
| Display Painéis | TGA | 7.1.22 | affected |
| Display Painéis | TGA | 7.1.23 | affected |
| Display Painéis | TGA | 7.1.24 | affected |
| Display Painéis | TGA | 7.1.25 | affected |
| Display Painéis | TGA | 7.1.26 | affected |
| Display Painéis | TGA | 7.1.27 | affected |
| Display Painéis | TGA | 7.1.28 | affected |
| Display Painéis | TGA | 7.1.29 | affected |
| Display Painéis | TGA | 7.1.30 | affected |
| Display Painéis | TGA | 7.1.31 | affected |
| Display Painéis | TGA | 7.1.32 | affected |
| Display Painéis | TGA | 7.1.33 | affected |
| Display Painéis | TGA | 7.1.34 | affected |
| Display Painéis | TGA | 7.1.35 | affected |
| Display Painéis | TGA | 7.1.36 | affected |
| Display Painéis | TGA | 7.1.37 | affected |
| Display Painéis | TGA | 7.1.38 | affected |
| Display Painéis | TGA | 7.1.39 | affected |
| Display Painéis | TGA | 7.1.40 | affected |
| Display Painéis | TGA | 7.1.41 | affected |
Weaknesses
- CWE-22: Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.323545
- https://vuldb.com/?ctiid.323545
- https://vuldb.com/?submit.642068
- https://github.com/lfparizzi/CVE-TGA-7.1.41/tree/main
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.