VYPR

Smanga

by Smanga

CVEs (4)

  • CVE-2023-36076CriSep 1, 2023
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php.

  • CVE-2024-34193HigMay 20, 2024
    risk 0.49cvss 7.5epss 0.01

    smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.

  • CVE-2025-70831Feb 20, 2026
    risk 0.00cvss epss 0.01

    A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker…

  • CVE-2025-70833Feb 20, 2026
    risk 0.00cvss epss 0.00

    An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in…