VYPR

Packagist (Composer) package

badaso/core

pkg:composer/badaso/core

Vulnerabilities (3)

  • CVE-2025-52353Aug 26, 2025
    affected <= 2.9.11

    An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes

  • CVE-2022-41705Nov 25, 2022
    affected < 2.7.0fixed 2.7.0

    Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

  • CVE-2022-41711Oct 25, 2022
    affected < 2.6.1fixed 2.6.1

    Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.