CVE-2025-1107

CRITICAL Year: 2025
CVSS v3 Score
9.9
Critical
Weakness Type
CWE-620
View all →

Vulnerability Description

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.

Related Vulnerabilities

CVE-2024-12824

CRITICAL
CVSS:9.8(Critical)

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly...

CWE-6202024

CVE-2024-12860

CRITICAL
CVSS:9.8(Critical)

The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugi...

CWE-6202024

CVE-2024-13375

CRITICAL
CVSS:9.8(Critical)

The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user...

CWE-6202024

CVE-2024-20419

CRITICAL
CVSS:10.0(Critical)

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including adminis...

CWE-6202024

CVE-2024-26520

CRITICAL
CVSS:9.8(Critical)

An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets...

CWE-6202024

CVE-2024-37998

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affect...

CWE-6202024