CNNVD-202507-172 Information
CNNVD ID
CNNVD-202507-172
Related CVE
- CNNVD Published: 2025-07-02
Description (Chinese)
Microweber CMS是Microweber开源的一个拖放式网站构建器。 Microweber CMS 1.2.11及之前版本存在路径遍历漏洞,该漏洞源于文件包含问题,可能导致文件读取。
Description (English)
Micrower CMS is a drag-and-drop site builder of the Microwerber Open Source. Micrower CMS 1.2.11 and previous versions had a loophole in the path, which stemmed from the problem of document inclusion and could lead to document reading.
Hazard Level
Medium
Vulnerability Type
路径遍历
Affected Vendor
Microweber
Published
2025-07-02
Last Modified
2026-02-24
References
https://github.com/microweber/microweber https://huntr.com/bounties/09218d3f-1f6a-48ae-981c-85e86ad5ed8b https://github.com/microweber/microweber/commit/98d025467128ecc24195dcb56c533febc3c91af6 https://github.com/microweber/microweber/commit/572bdc36b5b47923790016f6b961c8df53226855 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/gather/microweber_lfi.rb https://vulncheck.com/advisories/microweber-cms-lfi https://nvd.nist.gov/vuln/detail/CVE-2025-34076
Patch
https://github.com/microweber/microweber/releases
Share on: