CVE-2025-15197

Summary

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

Affected Software

VendorProductVersion RangeStatus
code-projectsContent Management System1.0affected
code-projectsNews-Buzz1.0affected
anirbandutta9Content Management System1.0affected
anirbandutta9News-Buzz1.0affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References