A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The code maintainer responded to the issue that "[he] tried it, and using this link automatically redirects to the login page."
References
| Link | Resource |
|---|---|
| https://github.com/WinterChenS/my-site/issues/97 | Exploit Issue Tracking |
| https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791 | Issue Tracking |
| https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571 | Issue Tracking |
| https://vuldb.com/?ctiid.319372 | Permissions Required VDB Entry |
| https://vuldb.com/?id.319372 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.622421 | Third Party Advisory VDB Entry |
| https://github.com/WinterChenS/my-site/issues/97 | Exploit Issue Tracking |
| https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791 | Issue Tracking |
| https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571 | Issue Tracking |
| https://vuldb.com/?submit.622421 | Third Party Advisory VDB Entry |
Configurations
History
11 Sep 2025, 17:05
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:winterchens:my-site:2025-06-11:*:*:*:*:*:*:* | |
| First Time |
Winterchens my-site
Winterchens |
|
| References | () https://github.com/WinterChenS/my-site/issues/97 - Exploit, Issue Tracking | |
| References | () https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791 - Issue Tracking | |
| References | () https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571 - Issue Tracking | |
| References | () https://vuldb.com/?ctiid.319372 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.319372 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.622421 - Third Party Advisory, VDB Entry | |
| Summary | (es) Se ha encontrado una vulnerabilidad en WinterChenS my-site hasta 1f7525f15934d9d6a278de967f6ec9f1757738d8. Esta vulnerabilidad afecta a la función preHandle del archivo /admin/ de la interfaz de backend del componente. La manipulación del argumento uri provoca una autenticación incorrecta. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. La existencia real de esta vulnerabilidad aún se duda. Este producto utiliza una versión continua para garantizar una distribución continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las actualizadas. El responsable del código respondió al problema: "Lo probó y, al usar este enlace, se redirige automáticamente a la página de inicio de sesión". |
11 Aug 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/WinterChenS/my-site/issues/97 - | |
| References | () https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791 - | |
| References | () https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571 - | |
| References | () https://vuldb.com/?submit.622421 - | |
| Summary |
|
11 Aug 2025, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-08-11 09:15
Updated : 2025-09-11 17:05
NVD link : CVE-2025-8838
Mitre link : CVE-2025-8838
CVE.ORG link : CVE-2025-8838
JSON object : View
Products Affected
winterchens
- my-site
CWE
CWE-287
Improper Authentication