CNNVD-202508-1421 Information

CNNVD ID

CNNVD-202508-1421

Related CVE

CVE-2025-45317

• CNNVD Published: 2025-08-13

Description (Chinese)

HortusFox是HortusFox公司的一个免费且开源的自托管植物管理器系统。 HortusFox v4.4版本存在安全漏洞，该漏洞源于/modules/ImportModule.php组件处理压缩文件不当，可能导致任意代码执行。

Description (English)

HortusFox is a free and open-source plant manager system of HortusFox. There is a security loophole in version HortusFox v. 4.4, which stems from inadequate processing of compressed files for the /modules/ImportModule.php component, which may lead to any code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HortusFox

Published

2025-08-13

Last Modified

2026-02-24

References

https://github.com/danielbrendel/hortusfox-web/blob/8ab851101a62d8eb311235c118eeeb32a9b36978/app/modules/ImportModule.php#L28 https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-45317/CVE-2025-45317.md https://access.redhat.com/security/cve/cve-2025-45317

Patch

https://www.hortusfox.com/