CNNVD-202508-3064 Information

CNNVD ID

CNNVD-202508-3064

Related CVE

CVE-2025-52353

• CNNVD Published: 2025-08-26

Description (Chinese)

Badaso是Uasoft开源的一个开源的 Laravel Vue 无头 CMS。 Badaso 2.9.11版本存在安全漏洞，该漏洞源于Media Manager允许上传含PHP代码的文件，可能导致任意代码执行。

Description (English)

Badasso is an open source of Usoft open source, Laravel Vue without head CMS. There is a security loophole in the Badasso 2.9.11 version, which stems from Media Manager ’ s permission to upload a document containing PHP codes, which could lead to arbitrary code enforcement.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Uasoft

Published

2025-08-26

Last Modified

2026-02-24

References

https://medium.com/@pat.sanitjairak/remote-code-execution-in-a-plain-view-0f86f183543d https://github.com/uasoft-indonesia/badaso https://nvd.nist.gov/vuln/detail/CVE-2025-52353

Patch

https://github.com/uasoft-indonesia/badaso/releases