THREATINT
PUBLISHED

CVE-2025-7575

Zavy86 WikiDocs submit.php image_delete_ajax path traversal



Description


A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. It affects the function image_drop_upload_ajax/image_delete_ajax in the file submit.php. Manipulation leads to path traversal, and the attack can be launched remotely. Upgrading to version 1.0.78 addresses this issue. The patch is identified as 98ea9ee4a2052c4327f89d2f7688cc1b5749450d. Upgrading the affected component is recommended.

A vulnerability was found in Zavy86 WikiDocs up to 1.0.77. It has been classified as critical. It concerns the function image_drop_upload_ajax/image_delete_ajax of the file submit.php. Manipulation with unknown data can be used to exploit a path traversal vulnerability. The attack can be carried out over the network. Upgrading to version 1.0.78 resolves this problem. The patch is identified as 98ea9ee4a2052c4327f89d2f7688cc1b5749450d. Applying an upgrade is recommended as the best possible measure.

Reserved 2025-07-13 | Published 2025-07-14 | Updated 2025-07-14 | Assigner VulDB


MEDIUM: 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
MEDIUM: 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
MEDIUM: 4.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
5.8 AV:N/AC:L/Au:M/C:P/I:P/A:P/E:ND/RL:OF/RC:C

Problem types

Path Traversal

Product status

1.0.67: affected
1.0.68: affected
1.0.69: affected
1.0.70: affected
1.0.71: affected
1.0.72: affected
1.0.73: affected
1.0.74: affected
1.0.75: affected
1.0.76: affected
1.0.77: affected
1.0.78: unaffected

Timeline

2025-07-13: Advisory disclosed
2025-07-13: VulDB entry created
2025-07-13: VulDB entry last update

Credits

Matan Haim Sandori (finder)

MatanS (VulDB User) (reporter)

MatanS (VulDB User) (analyst)

References

vuldb.com/?id.316273 (VDB-316273 | Zavy86 WikiDocs submit.php image_delete_ajax path traversal) vdb-entry technical-description

vuldb.com/?ctiid.316273 (VDB-316273 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.609096 (Submit #609096 | Zavy86 WikiDocs 1.0.77 Administrator Arbitrary File Deletion via Path Traversal) third-party-advisory

github.com/Zavy86/WikiDocs/pull/258 issue-tracking

github.com/...ommit/98ea9ee4a2052c4327f89d2f7688cc1b5749450d patch

github.com/Zavy86/WikiDocs/releases/tag/1.0.78 patch

cve.org (CVE-2025-7575)

nvd.nist.gov (CVE-2025-7575)
