Packagist (Composer) package
badaso/core
pkg:composer/badaso/core
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-52353 | — | | | <= 2.9.11 | — | Aug 26, 2025 | An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes |
| CVE-2022-41705 | — | | | < 2.7.0 | 2.7.0 | Nov 25, 2022 | Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. |
| CVE-2022-41711 | — | | | < 2.6.1 | 2.6.1 | Oct 25, 2022 | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. |