CNNVD-202508-245 Information

CNNVD ID

CNNVD-202508-245

Related CVE

CVE-2025-8520

• CNNVD Published: 2025-08-04

Description (Chinese)

Vvveb是Givan个人开发者的一个强大且易于使用的CMS，用于构建网站、博客或电子商务商店。 Vvveb 1.0.5及之前版本存在代码问题漏洞，该漏洞源于对参数url的错误操作导致服务端请求伪造。

Description (English)

Vvveb is a powerful and easy-to-use CMS for Givan personal developers to build a website, blog or e-commerce store. Vvveb 1.5 and previous versions had a code problem loophole, which stemmed from an error in the operation of the parameter url, which led to the forgery of the service request.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-08-04

Last Modified

2026-02-24

References

https://vuldb.com/?id.318646 https://github.com/givanz/Vvveb/releases/tag/1.0.6 https://vuldb.com/?submit.624973 https://github.com/givanz/Vvveb/commit/f684f3e374d04db715730fc4796e102f5ebcacb2 https://hkohi.ca/vulnerability/9 https://vuldb.com/?ctiid.318646 https://access.redhat.com/security/cve/cve-2025-8520 https://nvd.nist.gov/vuln/detail/CVE-2025-8520

Patch

https://github.com/givanz/Vvveb/releases