CNNVD-202508-226 Information

Aug 04, 2025 cve

CNNVD ID

CNNVD-202508-226

CVE-2025-8517

  • CNNVD Published: 2025-08-04

Description (Chinese)

Vvveb是Givan个人开发者的一个强大且易于使用的CMS,用于构建网站、博客或电子商务商店。 Vvveb 1.0.6.1版本存在安全漏洞,该漏洞源于攻击者可远程实施会话固定攻击。

Description (English)

Vvveb is a powerful and easy-to-use CMS for Givan personal developers to build a website, blog or e-commerce store. Version 1.0.6.1 of Vvveb contains a security loophole, which stems from the ability of the assailant to carry out a fixed session attack remotely.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-04

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.318643 https://github.com/helloandrewpaul/Session-Fixation-in-Vvveb-CMS-v1.0.6.1 https://github.com/givanz/Vvveb/issues/312#issuecomment-2977995664 https://github.com/givanz/Vvveb/releases/tag/1.0.7 https://github.com/kwerty138/Session-Fixation-in-Vvveb-CMS-v1.0.6.1 https://vuldb.com/?submit.623135 https://github.com/givanz/Vvveb/commit/d4b1e030066417b77d15b4ac505eed5ae7bf2c5e https://vuldb.com/?id.318643 https://access.redhat.com/security/cve/cve-2025-8517 https://nvd.nist.gov/vuln/detail/CVE-2025-8517

Patch

https://github.com/givanz/Vvveb/releases

Share on: