Skip to main content

Smanga

4 CVEs product

Monthly

CVE-2025-70833 CRITICAL Act Now

Auth bypass in Smanga 3.2.7 allows unauthenticated password reset for any user including admin.

PHP Authentication Bypass Smanga
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-70831 CRITICAL Act Now

RCE in Smanga 3.2.7 via command injection in /php/path/rescan.php. EPSS 0.29%.

PHP RCE Smanga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-34193 HIGH POC This Week

smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Smanga
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36076 CRITICAL POC Act Now

SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Smanga
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
EPSS 0% CVSS 9.4
CRITICAL Act Now

Auth bypass in Smanga 3.2.7 allows unauthenticated password reset for any user including admin.

PHP Authentication Bypass Smanga
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

RCE in Smanga 3.2.7 via command injection in /php/path/rescan.php. EPSS 0.29%.

PHP RCE Smanga
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Smanga
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy