CVE-2025-8518 PoC — givanz Vvveb Code Editor code.php save code injection

Source

https://github.com/maestro-ant/Vvveb-CMS-CVE-2025-8518

Associated Vulnerability

Title:givanz Vvveb Code Editor code.php save code injection (CVE-2025-8518)
Description:A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.

Description

This repository contains a Proof of Concept (PoC) demonstrating a critical vulnerability in givanz Vvveb 1.0.5. The vulnerability allows an authenticated user with template editing privileges to write arbitrary PHP code to server files, leading to Remote Code Execution (RCE).

Readme

# Vvveb-CMS-CVE-2025-8518
This repository contains a Proof of Concept (PoC) demonstrating a critical vulnerability in givanz Vvveb 1.0.5. The vulnerability allows an authenticated user with template editing privileges to write arbitrary PHP code to server files, leading to Remote Code Execution (RCE).

File Snapshot


 [4.0K]  /data/pocs/fa2e9252b79d4647b2a4832a8d917ff8c6f1f10f
├── [3.3K]  Deployment-Instructions.md
├── [1.0K]  LICENSE
├── [ 303]  README.md
└── [1.2M]  Vvveb CMS CVE-2025-8518.pdf

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!