CNNVD-202510-1277 Information

CNNVD ID

CNNVD-202510-1277

Related CVE

CVE-2025-60266

• CNNVD Published: 2025-10-09

Description (Chinese)

xckk（小菜低代码开发平台）是中国云网软件（bestfeng）开源的一款低代码开发平台。 xckk v9.6版本存在安全漏洞，该漏洞源于address/list中orderBy参数未安全过滤，可能导致SQL注入攻击。

Description (English)

xckk (low code development platform) is a low code development platform for the open source of Chinese cloudnet software (bestfeng). Version xckk v9.6 contains a security loophole that originates from the lack of secure filtering of the orderBy parameters in the Adress/list, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

云网软件

Published

2025-10-09

Last Modified

2026-02-24

References

https://gitee.com/bestfeng/xckk https://github.com/int-ux/report/issues/2