CNNVD-202509-4423 Information

CNNVD ID

CNNVD-202509-4423

Related CVE

CVE-2025-11136

• CNNVD Published: 2025-09-29

Description (Chinese)

Yifang CMS是中国亿坊（Yifang）公司的一个PHP企业网站开发建设管理系统。 Yifang CMS 2.0.2及之前版本存在代码问题漏洞，该漏洞源于对文件app/app/controller/File.php中组件Backend的函数webUploader的参数uploadpath的错误操作，可能导致任意文件上传。

Description (English)

Yifang CMS is a PHP Enterprise website development and management system for Yifang Corporation in China. Yifang CMS 2.0.2 and previous versions had a code problem loophole, which stemmed from the wrong operation of the function for the Backend component of fileapp/app/controller/File.php for webUplode parameteruploadpath, which could lead to any upload.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

亿坊

Published

2025-09-29

Last Modified

2026-02-24

References

https://github.com/electroN1chahaha/YifangCMS-V2.0.0-Remote-Code-Execution-RCE-/issues/1 https://vuldb.com/?ctiid.326213 https://vuldb.com/?id.326213 https://vuldb.com/?submit.657903