CNNVD-202508-237 Information

CNNVD ID

CNNVD-202508-237

Related CVE

CVE-2025-8518

• CNNVD Published: 2025-08-04

Description (Chinese)

Vvveb是Givan个人开发者的一个强大且易于使用的CMS，用于构建网站、博客或电子商务商店。 Vvveb 1.0.5版本存在注入漏洞，该漏洞源于文件admin/controller/editor/code.php中函数Save的错误操作导致代码注入。

Description (English)

Vvveb is a powerful and easy-to-use CMS for Givan personal developers to build a website, blog or e-commerce store. Version 1.5 of Vvveb has an injection loophole, which results from an error in the document ’ s admin/controller/editor/code.php function, Save.

Hazard Level

High

Vulnerability Type

注入

Affected Vendor

个人开发者

Published

2025-08-04

Last Modified

2026-02-24

References

https://vuldb.com/?submit.624971 https://hkohi.ca/vulnerability/8 https://vuldb.com/?id.318644 https://vuldb.com/?ctiid.318644 https://github.com/givanz/Vvveb/releases/tag/1.0.6 https://github.com/givanz/Vvveb/commit/f684f3e374d04db715730fc4796e102f5ebcacb2 https://gist.github.com/0xHamy/f16fb399f8dd3a973acadc18fa07b1cb https://access.redhat.com/security/cve/cve-2025-8518 https://nvd.nist.gov/vuln/detail/CVE-2025-8518

Patch

https://github.com/givanz/Vvveb/releases