CNNVD-202507-3273 Information

CNNVD ID

CNNVD-202507-3273

CVE-2014-125116

  • CNNVD Published: 2025-07-25

Description (Chinese)

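Hybridauth is an open-source, web-based authentication and authorization software from Hybridauth. Hybridauth versions 2.0.9 through 2.2.2 contain a security vulnerability caused by the install.php script not properly sanitizing input, which may lead to remote code execution.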

Description (English)

Hybridauth is a web-based authentication and authorization software from Hybridauth. Hybridauth versions 2.0.9 to 2.2.2 contain a security vulnerability that originates from the install.php script not properly sanitizing its input, which may lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Hybridauth

Published

2025-07-25

Last Modified

2026-02-24

References

  • https://hybridauth.github.io/
  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/hybridauth_install_php_exec.rb
  • https://vulners.com/metasploit/MSF:EXPLOIT-UNIX-WEBAPP-HYBRIDAUTH_INSTALL_PHP_EXEC-
  • https://www.exploit-db.com/exploits/34273
  • https://www.exploit-db.com/exploits/34390
  • https://www.vulncheck.com/advisories/hybridauth-unauth-rce-via-config-injection
  • https://access.redhat.com/security/cve/cve-2014-125116

Patch

https://github.com/hybridauth/hybridauth/releases
