CNNVD-202506-3599 Information
CNNVD ID
CNNVD-202506-3599
Related CVE
- CNNVD Published: 2025-06-27
Description (Chinese)
openvpn-cms-flask是中国xiaoyunjie个人开发者的一个基于openvpn的web管理系统。 openvpn-cms-flask 1.2.7及之前版本存在注入漏洞,该漏洞源于文件/app/api/v1/openvpn.py中参数Username的错误操作导致命令注入。
Description (English)
Openvpn-cms-flask is a web-based management system based on openvpn of the Chinese personal developer xiaoyunjie. Openvpn-cms-flask 1.2.7 and previous versions contain an injection loophole, resulting from an error in the parameter Username in the document/app/api/v1/openvpn.py.
Hazard Level
High
Vulnerability Type
注入
Affected Vendor
Live Support
Published
2025-06-27
Last Modified
2026-02-24
References
https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6 https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24 https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24#issuecomment-2948563464 https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8 https://vuldb.com/?ctiid.314091 https://vuldb.com/?id.314091 https://vuldb.com/?submit.602373 https://access.redhat.com/security/cve/cve-2025-6775
Patch
https://github.com/xiaoyunjie/openvpn-cms-flask/releases
Share on: