CNNVD-202507-3587 Information

CNNVD ID

CNNVD-202507-3587

CVE-2025-8264

  • CNNVD Published: 2025-07-29

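Description (translated from Chinese)

Z-Push is open-source data synchronization software from Z-Hub. Versions of Z-Push before 2.7.6 contain a security vulnerability that stems from unparameterized queries and may lead to SQL injection attacks.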

Description (English)

Z-Push is open-source data synchronization software from Z-Hub. Versions of Z-Push before 2.7.6 contain a security vulnerability caused by unparameterized queries, which could lead to SQL injection attacks.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Z-Hub

Published

2025-07-29

Last Modified

2026-02-24

References

  • https://github.com/Z-Hub/Z-Push/blob/af25a2169a50d6e05a5916d1e8b2b6cd17011c98/src/backend/imap/user_identity.php%23L211C9-L214C25
  • https://github.com/Z-Hub/Z-Push/pull/161
  • https://github.com/Z-Hub/Z-Push/pull/161/commits/f981d515a35ac4c303959af21dce880a5db02786
  • https://security.snyk.io/vuln/SNYK-PHP-ZPUSHZPUSHDEV-10908180
  • https://xbow.com/blog/xbow-zpush-sqli/

Patch

https://github.com/Z-Hub/Z-Push/releases
