CNNVD-202508-3017 Information

CNNVD ID

CNNVD-202508-3017

Related CVE

CVE-2025-9400

• CNNVD Published: 2025-08-25

Description (Chinese)

Yifang CMS是中国亿坊（Yifang）公司的一个PHP企业网站开发建设管理系统。 Yifang CMS 2.0.5及之前版本存在安全漏洞，该漏洞源于文件app/utils/base/plugin/P_file.php中mergeMultipartUpload函数对File参数处理不当，可能导致无限制上传。

Description (English)

Yifang CMS is a PHP Enterprise website development and management system for Yifang Corporation in China. The Yifang CMS 2.5 and previous versions contain a security loophole that stems from the inappropriate handling of the File parameters by the MergeMultipartUpload function in documentapp/utils/base/plugin/P file.php, which may lead to unrestricted uploading.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

亿坊

Published

2025-08-25

Last Modified

2026-02-24

References

https://vuldb.com/?submit.632535 https://vuldb.com/?id.321236 https://vuldb.com/?ctiid.321236 https://github.com/August829/Yu/blob/main/20250811_3.md#poc https://nvd.nist.gov/vuln/detail/CVE-2025-9400