CNNVD-202509-1586 Information

CNNVD ID

CNNVD-202509-1586

Related CVE

CVE-2025-59055

• CNNVD Published: 2025-09-11

Description (Chinese)

InstantCMS是instantSoft开源的一个免费的开源 CMS。 InstantCMS 2.17.3及之前版本存在代码问题漏洞，该漏洞源于安装程序功能中package参数未经验证，可能导致服务端请求伪造攻击。

Description (English)

InstantCMS is a free open source for instantSoft. InstantCMS 2.17.3 and previous versions had a code problem gap, which stemmed from the unverified package parameters in the installation program function, which could result in the service requesting a false attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

instantSoft

Published

2025-09-11

Last Modified

2026-02-24

References

https://github.com/instantsoft/icms2/commit/fa997bdab3429fad0c850966bfacbcb96d5ab041 https://github.com/instantsoft/icms2/security/advisories/GHSA-79hh-mhvg-whrw https://access.redhat.com/security/cve/cve-2025-59055