CNNVD-202509-3206 Information

CNNVD ID

CNNVD-202509-3206

Related CVE

CVE-2025-10764

• CNNVD Published: 2025-09-21

Description (Chinese)

ZKEACMS是ZKEASOFT开源的一个视觉设计、所见即所得的内容管理系统。 ZKEACMS 4.3及之前版本存在代码问题漏洞，该漏洞源于对文件src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs中参数Data的错误操作，可能导致服务端请求伪造。

Description (English)

ZKEACMS is a visual, visible and generated content management system for ZKEASOFT. There is a code problem gap in ZKEACMS 4.3 and earlier versions, which stems from the mishandling of the parameter Data in file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs, which may result in the forgery of service requests.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

ZKEASOFT

Published

2025-09-21

Last Modified

2026-02-24

References

https://github.com/August829/Yu/blob/main/58ead8e7e08bfb021.md https://vuldb.com/?id.325119 https://vuldb.com/?submit.647629 https://vuldb.com/?ctiid.325119 https://access.redhat.com/security/cve/cve-2025-10764