CNNVD-202508-238 Information
CNNVD ID
CNNVD-202508-238
Related CVE
- CNNVD Published: 2025-08-04
Description (Chinese)
Sourceforge LibrettoCMS是Sourceforge开源的一款内容管理系统。 Sourceforge LibrettoCMS 1.1.7及之前版本存在安全漏洞,该漏洞源于文件管理器插件未正确验证文件扩展名,可能导致远程代码执行。
Description (English)
Sourceforge LibrettoCMS is an open-source content management system. The security loophole in the sourceforge LibrettoCMS 1.1.7 and earlier versions arises from the fact that the file manager plugin does not correctly verify the file extension, which may lead to remote code execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Sourceforge
Published
2025-08-04
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/26213 https://www.vulncheck.com/advisories/librettocms-file-manager-arbitrary-file-upload https://sourceforge.net/projects/librettocms/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/libretto_upload_exec.rb https://www.exploit-db.com/exploits/26421 https://access.redhat.com/security/cve/cve-2013-10054
Share on: