GCVE - cpe:2.3:a:n/a:continew_admin:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:continew_admin:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Continew Admin (`b7848229-d4d6-5923-a4d8-852dd4dd02e4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-3750`	vulnerable	2026-06-08 08:01:19.315502	ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery MEDIUM (4.7) A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-03-08T16:32:07.822Z Updated: 2026-03-11T19:36:46.340Z Open on db.gcve.eu Reference links https://vuldb.com/?id.349728 https://vuldb.com/?ctiid.349728 https://vuldb.com/?submit.768033 https://www.notion.so/ContiNew-Admin-Server-Side-Request-Forgery-SSRF-vulnerability-in-storage-management-module-313ea92a3c4180b897f5e6352906bf1f	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-4552`	vulnerable	2026-06-08 07:29:16.433019	ContiNew Admin password unverified password change MEDIUM (5.4) A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-05-11T23:31:04.342Z Updated: 2025-05-12T15:05:41.241Z Open on db.gcve.eu Reference links https://vuldb.com/?id.308299 https://vuldb.com/?ctiid.308299 https://vuldb.com/?submit.567572 https://github.com/uglory-gll/javasec/blob/main/continew-admin.md#21dev-apisystemuser1password-only-assigning-password-reset-permission-can-reset-the-super-administrator-password	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-4551`	vulnerable	2026-06-08 07:29:16.431545	ContiNew Admin file cross site scripting LOW (3.5) A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-05-11T23:00:06.082Z Updated: 2025-05-12T15:06:14.474Z Open on db.gcve.eu Reference links https://vuldb.com/?id.308298 https://vuldb.com/?ctiid.308298 https://vuldb.com/?submit.567568 https://github.com/uglory-gll/javasec/blob/main/continew-admin.md#1stored-cross-site-scripting	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.