CNNVD-202508-097 Information
Aug 01, 2025
cve
CNNVD ID
CNNVD-202508-097
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
InstantCMS是instantSoft开源的一个免费的开源 CMS。 InstantCMS 1.6及之前版本存在安全漏洞,该漏洞源于eval函数使用不当,可能导致远程代码执行。
Description (English)
InstantCMS is a free open source for instantSoft. There is a security loophole in the InstantCMS 1.6 and earlier versions, which stems from the inappropriate use of the eval function and may lead to remote code execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
instantSoft
Published
2025-08-01
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/26622 https://packetstorm.news/files/id/122176 https://www.vulncheck.com/advisories/instantcms-remote-php-code-execution https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/instantcms_exec.rb https://access.redhat.com/security/cve/cve-2013-10051
Patch
https://github.com/instantsoft/icms2/releases
Share on: