Path Traversal Vulnerability in Zavy86 WikiDocs
CVE-2025-7575

5.1MEDIUM

Key Information:

Vendor: Zavy86
Status: Wikidocs
Vendor: CVE Published:; 14 July 2025

What is CVE-2025-7575?

A path traversal vulnerability exists in Zavy86 WikiDocs versions up to 1.0.77, specifically within the image_drop_upload_ajax/image_delete_ajax function in the submit.php file. This flaw allows an attacker to manipulate file paths, potentially leading to unauthorized file access and removal. The vulnerability can be exploited remotely, posing a significant risk to users. It is essential for users to upgrade to version 1.0.78, which addresses this issue to ensure continued security of their applications.

Affected Version(s)

WikiDocs 1.0.67

WikiDocs 1.0.68

WikiDocs 1.0.69

References

https://vuldb.com/?id.316273

vdb-entrytechnical-description

https://vuldb.com/?ctiid.316273

signaturepermissions-required

https://vuldb.com/?submit.609096

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2025
Vulnerability Reserved
Jul 13, 2025

Credit

Matan Haim Sandori

MatanS (VulDB User)