CNNVD-202509-1861 Information

Sep 14, 2025 cve

CNNVD ID

CNNVD-202509-1861

CVE-2025-10395

CNNVD Published: 2025-09-14

Description (Chinese)

maccms10是magicblack开源的一套采用 PHP+MYSQL 环境下运行的完善而强大的快速建站系统。 maccms10 2025.1000.4050版本存在代码问题漏洞，该漏洞源于对组件Scheduled Task Handler中函数col_url的参数cjurl的错误操作，可能导致服务端请求伪造。

Description (English)

The maccms10 is a robust and fast-construction system that operates in a PHP+MYSQL setting as a magicblack open source. There is a code breach in version 10,2025.10000.4050, which results from a mishandling of the parameter cjurl of function col url in component Scheduled Task Handler, which may lead to a forgery of service requests.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

MagnusSolution

Published

2025-09-14

Last Modified

2026-02-24

References

https://vuldb.com/?submit.645798 https://github.com/August829/Yu/blob/main/58ead8e7e08bfb017.md https://vuldb.com/?id.323830 https://vuldb.com/?ctiid.323830 https://access.redhat.com/security/cve/cve-2025-10395

Share on: