CNNVD-202509-3670 Information

CNNVD ID

CNNVD-202509-3670

Related CVE

CVE-2025-29083

• CNNVD Published: 2025-09-23

Description (Chinese)

CSZCMS是Cskaza Bassist个人开发者的一个开源网络应用程序，允许管理网站上的所有内容和设置。 CSZCMS 1.3.0版本存在安全漏洞，该漏洞源于Plugin_Manager.php文件中execSql函数未正确过滤输入，可能导致远程代码执行。

Description (English)

CSZCMS is an open-source web application for Cskaza Bassist personal developers that allows for the management of all content and settings on the website. Version 1.3.0 of CSZCMS contains a security loophole, which stems from the incorrect filtering of the execSql function in the Plugin Manager.php file, which may lead to remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-23

Last Modified

2026-02-24

References

https://github.com/fax77829yz/CSZ_CMS-exploit/blob/main/README.md#cve2 https://access.redhat.com/security/cve/cve-2025-29083