CNNVD-202509-2715 Information

CNNVD ID

CNNVD-202509-2715

Related CVE

CVE-2025-57055

• CNNVD Published: 2025-09-17

Description (Chinese)

WonderCMS是WonderCMS公司的一套基于PHP的开源内容管理系统（CMS）。 WonderCMS 3.5.0版本存在安全漏洞，该漏洞源于自定义模块安装功能中未充分验证pluginThemeUrl参数，可能导致服务端请求伪造攻击。

Description (English)

WonderCMS is a PHP-based open-source content management system (CMS) for WonderCMS. There is a security loophole in version 3.5.0 of WonderCMS, which stems from insufficient validation of the pugin ThemeUrl parameters in the self-defined module installation function, which may result in the service-side request for a false attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WORKS MOBILE

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/thawphone/CVE-2025-57055 https://access.redhat.com/security/cve/cve-2025-57055