Unrated severityNVD Advisory· Published Feb 20, 2026· Updated Feb 23, 2026

CVE-2025-70833

Description

An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php.

Affected products

Smanga/Smangadescription
Smanga/Smangallm-fuzzy
Range: = 3.2.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/LX-66-LX/cve/issues/4mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000