CVE-2025-6843

A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://code-projects.org/ Product
https://github.com/ez-lbz/poc/issues/13 Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.314286 Permissions Required VDB Entry
https://vuldb.com/?id.314286 Third Party Advisory VDB Entry
https://vuldb.com/?submit.603263 Third Party Advisory VDB Entry
https://github.com/ez-lbz/poc/issues/13 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:fabian:simple_photo_gallery:1.0:*:*:*:*:*:*:*

History

10 Jul 2025, 00:52

Type Values Removed Values Added
CPE cpe:2.3:a:fabian:simple_photo_gallery:1.0:*:*:*:*:*:*:*
First Time Fabian
Fabian simple Photo Gallery
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://github.com/ez-lbz/poc/issues/13 - () https://github.com/ez-lbz/poc/issues/13 - Exploit, Issue Tracking, Third Party Advisory
References () https://vuldb.com/?ctiid.314286 - () https://vuldb.com/?ctiid.314286 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.314286 - () https://vuldb.com/?id.314286 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.603263 - () https://vuldb.com/?submit.603263 - Third Party Advisory, VDB Entry

30 Jun 2025, 16:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en code-projects Simple Photo Gallery 1.0. Se ha clasificado como crítica. Se ve afectada una función desconocida del archivo /upload-photo.php. La manipulación del argumento file_img permite la carga sin restricciones. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
References () https://github.com/ez-lbz/poc/issues/13 - () https://github.com/ez-lbz/poc/issues/13 -

29 Jun 2025, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-29 04:15

Updated : 2025-07-10 00:52


NVD link : CVE-2025-6843

Mitre link : CVE-2025-6843

CVE.ORG link : CVE-2025-6843


JSON object : View

Products Affected

fabian

  • simple_photo_gallery
CWE
CWE-284

Improper Access Control

CWE-434

Unrestricted Upload of File with Dangerous Type