CNNVD-202506-2656 Information

CNNVD ID

CNNVD-202506-2656

Related CVE

CVE-2025-6335

• CNNVD Published: 2025-06-20

Description (Chinese)

DesDev DedeCMS（织梦内容管理系统）是中国卓卓（DesDev）公司的一套基于PHP的开源内容管理系统（CMS）。该系统具有内容发布、内容管理、内容编辑和内容检索等功能。 DesDev DedeCMS 5.7.2及之前版本存在注入漏洞，该漏洞源于对文件/include/dedetag.class.php中参数notes的错误操作导致命令注入。

Description (English)

DesDev DedeCMS is a PHP-based open-source content management system (CMS) for DesDev, China. The system has content publishing, content management, content editing and content retrieval functions. DesDev DedeCMS 5.7.2 and previous versions had an injection loophole, which resulted from an error in the nottes of the parameters in the document/include/dedetag.class.php.

Hazard Level

High

Vulnerability Type

注入

Affected Vendor

卓卓

Published

2025-06-20

Last Modified

2026-02-24

References

https://github.com/jujub00m/CVE/issues/1 https://vuldb.com/?id.313331 https://vuldb.com/?submit.596624 https://vuldb.com/?ctiid.313331 https://access.redhat.com/security/cve/cve-2025-6335