CNNVD-202509-1468 Information

CNNVD ID

CNNVD-202509-1468

Related CVE

CVE-2025-10115

• CNNVD Published: 2025-09-09

Description (Chinese)

SiempreCMS是SiempreCMS开源的一个内容管理系统。 SiempreCMS 1.3.6及之前版本存在SQL注入漏洞，该漏洞源于对文件user_search_ajax.php中参数name/userName的错误操作导致SQL注入。

Description (English)

SiempreCMS is an open-source content management system for SiempreCMS. SiempreCMS 1.3.6 and previous versions contain an injection loophole in SQL, which results from an error in the parameter name/user name in document user search ajax.php.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

sigstore

Published

2025-09-09

Last Modified

2026-02-24

References

https://github.com/drew-byte/SiempreCMS-SQLi-POC https://vuldb.com/?ctiid.323084 https://vuldb.com/?id.323084 https://vuldb.com/?submit.645531