CNNVD-202509-3033 Information

CNNVD ID

CNNVD-202509-3033

Related CVE

CVE-2025-10642

• CNNVD Published: 2025-09-18

Description (Chinese)

chat_forum是王承毅个人开发者的一个聊天交友论坛系统。 chat_forum 80bdb92f5b460d36cab36e530a2c618acef5afd2及之前版本存在代码注入漏洞，该漏洞源于对文件/q.php中参数path的错误操作，可能导致跨站脚本攻击。

Description (English)

Chat forum is a chatting friend forum system for Wang Cheng Yi personal developer. Cat forum 80bdb92f5b460d36b36e530a2c618acef5afd2 and previous versions have code-injecting holes, which are the result of a mishandling of parath in the file/q.php, which may result in a cross-stop script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2025-09-18

Last Modified

2026-02-24

References

https://github.com/wangchenyi1996/chat_forum/blob/master/q.php#L31 https://vuldb.com/?ctiid.324675 https://vuldb.com/?id.324675 https://vuldb.com/?submit.651885