CVE-2025-15495

4.7 MEDIUM

📋 TL;DR

This vulnerability in BiggiDroid Simple PHP CMS 1.0 allows an attacker who can reach the admin interface to upload arbitrary files through the /admin/editsite.php endpoint, because the upload handler does not adequately restrict what it accepts. It affects every installation of Simple PHP CMS 1.0 whose admin interface is accessible, and can lead to remote code execution or full system compromise.

💻 Affected Systems

Products:
  • BiggiDroid Simple PHP CMS
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin interface access; default installations with admin panel exposed are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system takeover, data exfiltration, or ransomware deployment.

🟠 Likely Case: Malicious file upload leading to webshell installation and persistent backdoor access.

🟢 If Mitigated: File upload blocked or contained with proper input validation and file type restrictions.

🌐 Internet-Facing: HIGH - Attack can be launched remotely and exploit is publicly available.
🏢 Internal Only: MEDIUM - Still vulnerable if internal attackers have network access to admin interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin access: manipulating the 'image' parameter of /admin/editsite.php allows an unrestricted file upload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None - vendor did not respond to disclosure.

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative CMS or implementing workarounds.

🔧 Temporary Workarounds

Restrict file upload types (platform: all)

Modify editsite.php to validate file extensions and MIME types before accepting uploads. Edit /admin/editsite.php to add file type validation (e.g., only allow .jpg, .png, .gif).

Disable admin interface (platform: linux)

Remove or restrict access to the /admin/ directory if not needed, e.g.:

chmod 000 /admin/editsite.php

or add authentication middleware.
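As an added illustration of the first workaround (this is not code from the CMS or its vendor), a hardened check for the 'image' parameter that validates the extension, the content-derived MIME type and the image headers before storing the file under a server-generated name; the $uploadDir variable and the integration point in editsite.php are assumptions.

```php
<?php
// Added example, not part of Simple PHP CMS: validate an uploaded image before
// editsite.php accepts it. $file is the $_FILES['image'] entry (assumed name).
function validate_image_upload(array $file, array $allowedExt = ['jpg', 'png', 'gif']): array
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return [false, 'upload error or no file'];
    }
    // Only accept files PHP itself received via HTTP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'not an uploaded file'];
    }
    // Extension check on the client-supplied name; basename() drops any directory parts.
    $ext = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return [false, "extension .$ext not allowed"];
    }
    // MIME type derived from file content, never from the client-supplied $file['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    $allowedMime = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
    if (!isset($allowedMime[$ext]) || $mime !== $allowedMime[$ext]) {
        return [false, "content type $mime does not match .$ext"];
    }
    // getimagesize() rejects files whose headers do not parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        return [false, 'not a valid image'];
    }
    // Server-generated filename: the client name is never reused on disk.
    $safeName = bin2hex(random_bytes(16)) . '.' . $ext;
    return [true, $safeName];
}

// Hypothetical integration point inside editsite.php; $uploadDir is assumed to be
// a directory outside any path where the web server executes PHP.
[$ok, $result] = validate_image_upload($_FILES['image'] ?? []);
if (!$ok) {
    http_response_code(400);
    exit('Rejected upload: ' . htmlspecialchars($result));
}
move_uploaded_file($_FILES['image']['tmp_name'], $uploadDir . '/' . $result);
```

The extension, MIME and header checks are independent, so a file that passes one by renaming or by carrying a forged header is still rejected by the others.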

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file upload patterns.
  • Restrict network access to admin interface using IP whitelisting or VPN.

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a non-image file (e.g., .php, .txt) via the 'image' parameter of /admin/editsite.php; if the upload is accepted, the installation is vulnerable.

Check Version:

Check CMS version in configuration files or admin panel.

Verify Fix Applied:

Test that only allowed file types can be uploaded and malicious files are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /admin/editsite.php
  • POST requests with unexpected file extensions

Network Indicators:

  • HTTP POST to /admin/editsite.php with file uploads
  • Subsequent requests to uploaded malicious files

SIEM Query:

source="web_logs" AND uri="/admin/editsite.php" AND method="POST" AND file_extension NOT IN ("jpg","png","gif")
