VYPR
Unrated severityNVD Advisory· Published Feb 20, 2026· Updated Feb 23, 2026

CVE-2025-70831

CVE-2025-70831

Description

A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary operating system commands, leading to complete server compromise.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Smanga/Smangacpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: =3.2.7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.