CyberSecurityBoard
Sponsor Register Login

CVE-2025-1598

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument photo1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

This Cyber News was published on www.tenable.com. Publication date: Tue, 25 Feb 2025 00:56:02 +0000


Cyber News related to CVE-2025-1598

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
1 week ago Cybersecuritynews.com
Palo Alto Networks tags new firewall bug as exploited in attacks - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. "Palo Alto Networks has observed exploit ...
5 days ago Bleepingcomputer.com
Palo Alto Networks Warns Hackers Combining Vulnerabilities to Compromise Firewalls - Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls. By combining these vulnerabilities, ...
5 days ago Cybersecuritynews.com
Microsoft fixes bug causing Windows Server 2025 boot errors - In November, Redmond addressed another series of bugs that were triggering install, upgrade, and Blue Screen of Death (BSOD) issues on Windows Server 2025 devices with a high core count, and one month later, a known issue causing boot failures on ...
1 week ago Bleepingcomputer.com
CVE-2025-1598 - A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument ...
1 day ago Tenable.com
PostgreSQL flaw exploited as zero-day in BeyondTrust breach - Rapid7 security researchers have also identified a method to exploit CVE-2025-1094 for remote code execution in vulnerable BeyondTrust Remote Support (RS) systems independently of the CVE-2024-12356 argument injection vulnerability. Rapid7's tests ...
1 week ago Bleepingcomputer.com
CISA flags Craft CMS code injection flaw as exploited in attacks - The CVE-2025-23209 vulnerability only becomes an issue if an attacker has already obtained this security key, which opens the way to decrypt sensitive data, generate fake authentication tokens, or inject and execute malicious code remotely. The flaw ...
3 days ago Bleepingcomputer.com
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw ...
4 days ago Cybersecuritynews.com
CVE-2007-1598 - Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party ...
7 years ago
CVE-2005-1598 - SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. ...
7 years ago
CVE-2006-1598 - AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension. ...
6 years ago
CVE-2017-1598 - IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. ...
5 years ago
CVE-2014-1598 - centurystar 7.12 ActiveX Control has a Stack Buffer Overflow ...
5 years ago
CVE-2013-1598 - A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code. ...
5 years ago
CVE-2002-1598 - Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock. ...
3 years ago
CVE-2020-1598 - <p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated ...
1 year ago
CVE-2009-1598 - Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions ...
3 years ago
CVE-2008-1598 - The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors. ...
13 years ago
CVE-2012-1598 - Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." ...
12 years ago
CVE-2021-1598 - Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service ...
3 years ago
CVE-2011-1598 - The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other ...
2 years ago
CVE-2022-1598 - The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site. ...
1 year ago
CVE-1999-1598 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none ...
55 years ago Tenable.com
CVE-2024-1598 - Potential buffer overflow ...
9 months ago
CVE-2024-20153 - In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...
1 month ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)