LOW🇵🇱 Wersja polska

CVE-2025-12297

CVSS 2.1v4.0pub. 2025-10-27upd. 2026-04-29

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Pybbs Project Pybbs

    APP
    Pybbs Project
    ≤ 6.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-28702HIGH7.5ten sam produkt

A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive datab...

CVE-2025-8546MEDIUM5.5ten sam produkt

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the f...

CVE-2025-8547MEDIUM5.5ten sam produkt

A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affec...

CVE-2022-23391MEDIUM6.1ten sam produkt

A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or ...

CVE-2025-8812LOW1.9ten sam produkt

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an un...