Manuel Iván San Martín Castillo - Security Researcher

CVE-2025-10353 GITHUB CRITICAL WRITEUP

Melisplatform Melis-cms-slider < 5.3.1 - Remote Code Execution

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.

1 stars

View Code

CVE-2025-10352 GITHUB CRITICAL WRITEUP

Melisplatform Melis-core < 5.3.11 - Missing Authorization

Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.

1 stars

View Code

CVE-2025-10351 NOMISEC CRITICAL SCANNER

Melisplatform Melis-cms < 5.3.4 - SQL Injection

SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint.

1 stars

View Code

CVE-2025-10351 NOMISEC CRITICAL WORKING POC

Melisplatform Melis-cms < 5.3.4 - SQL Injection

SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint.

1 stars

View Code

CVE-2025-10353 VULNCHECK_XDB CRITICAL WRITEUP

Melisplatform Melis-cms-slider < 5.3.1 - Remote Code Execution

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.

View Code

CVE-2025-10352 WRITEUP CRITICAL WRITEUP

Melisplatform Melis-core < 5.3.11 - Missing Authorization

Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.

View Code

CVE-2025-10353 WRITEUP CRITICAL WRITEUP

Melisplatform Melis-cms-slider < 5.3.1 - Remote Code Execution

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.

View Code