CNNVD-202507-3362 Information
CNNVD ID
CNNVD-202507-3362
Related CVE
- CNNVD Published: 2025-07-26
Description (Chinese)
HAX是HAX The Web开源的一个HAX+CMS使用PHP后端管理的微型网站。 HAX存在安全漏洞,该漏洞源于API端点未执行授权检查,可能导致未经授权的资源交互。
Description (English)
HAX is a micro-site managed by HAX+CMS using PHP backends, an open source of HAX The Web. HAX has a security loophole, which stems from the non-implementation of authorized inspections at the API endpoint, which may lead to the interaction of unauthorized resources.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
HAX The Web
Published
2025-07-26
Last Modified
2026-02-24
References
https://github.com/haxtheweb/issues/security/advisories/GHSA-9jr9-8ff3-m894 https://github.com/haxtheweb/haxcms-php/commit/24d30222481ada037597c4d7c0a51a1ef7af6cfd https://github.com/haxtheweb/haxcms-nodejs/commit/5826e9b7f3d8c7c7635411768b86b199fad36969 https://access.redhat.com/security/cve/cve-2025-54378 https://nvd.nist.gov/vuln/detail/CVE-2025-54378
Patch
https://github.com/haxtheweb/issues
Share on: