CNNVD-202508-2881 Information

CNNVD ID

CNNVD-202508-2881

Related CVE

CVE-2025-9397

• CNNVD Published: 2025-08-24

Description (Chinese)

Vvveb是Givan个人开发者的一个强大且易于使用的CMS，用于构建网站、博客或电子商务商店。 Vvveb 1.0.7.2及之前版本存在安全漏洞，该漏洞源于/system/traits/media.php文件中参数files[]的错误操作导致任意文件上传。

Description (English)

Vvveb is a powerful and easy-to-use CMS for Givan personal developers to build a website, blog or e-commerce store. There is a security loophole in Vvveb 1.0.7.2 and earlier versions, resulting from an error in the parameter files[] in/system/traits/media.php file, resulting in the uploading of any file.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-24

Last Modified

2026-02-24

References

https://vuldb.com/?submit.632530 https://vuldb.com/?id.321233 https://vuldb.com/?ctiid.321233 https://github.com/August829/Yu/blob/main/20250812_2.md#poc https://nvd.nist.gov/vuln/detail/CVE-2025-9397