CNNVD-202508-3308 Information
CNNVD ID
CNNVD-202508-3308
Related CVE
- CNNVD Published: 2025-08-28
Description (Chinese)
Paymenter是Paymenter开源的一个网店托管软件。 Paymenter 1.2.11之前版本存在代码问题漏洞,该漏洞源于票证附件功能允许上传任意文件,可能导致敏感数据泄露或系统命令执行。
Description (English)
Paymenter is a web-based shop hosting software at Paymenter ’ s open source. Prior to the Paymenter 1.2.11 version there was a code gap, which stemmed from the fact that the ticketing attachment function allowed for the uploading of arbitrary documents, which could lead to the disclosure of sensitive data or the enforcement of system orders.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
Paymenter
Published
2025-08-28
Last Modified
2026-02-24
References
https://github.com/Paymenter/Paymenter/security/advisories/GHSA-5pm9-r2m8-rcmj https://github.com/Paymenter/Paymenter/releases/tag/v1.2.11 https://github.com/Paymenter/Paymenter/commit/87c3db42282ada1e3cda54b9a01f846926c0669b https://nvd.nist.gov/vuln/detail/CVE-2025-58048
Patch
https://github.com/Paymenter/Paymenter/releases
Share on: