BiggiDroid Simple PHP CMS editsite.php unrestricted upload_CVE-2025-15495

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-15495

Source VulDB

Published Jan 9, 2026 at 17:02

Modified Jan 9, 2026 at 18:36

Affected Product

Vendor BiggiDroid

Product Simple PHP CMS

Version 1.0

Affected Versions BiggiDroid Simple PHP CMS 1.0

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-01-09T17:02:09.494Z",
    "modified": "2026-01-09T18:36:52.503Z",
    "type": "cve",
    "title": "BiggiDroid Simple PHP CMS editsite.php unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.340273\nhttps://vuldb.com/?ctiid.340273\nhttps://vuldb.com/?submit.725890\nhttps://vuldb.com/?submit.726040\nhttps://gitee.com/hdert/ck/issues/IDGO28\nhttps://github.com/Asim-QAZi/RCE-Simplephpblog-biggiedroid",
    "id": "CVE-2025-15495",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "BiggiDroid Simple PHP CMS 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Simple PHP CMS",
    "version": "1.0",
    "vendor": "BiggiDroid",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}