CNNVD-202510-1417 Information
CNNVD ID
CNNVD-202510-1417
Related CVE
- CNNVD Published: 2025-10-10
Description (Chinese)
e107是E107团队的一套开源、免费且基于PHP和MySQL的内容管理系统(CMS)。该系统支持多种插件和外观主题,可作为个人博客、讨论社区、档案资料库等。 e107 2.3.3及之前版本存在安全漏洞,该漏洞源于install.php脚本对previous_steps POST参数进行不安全的反序列化操作,可能导致远程代码执行或任意文件操作。
Description (English)
e107 is an open-source, free and PHP-based content management system (CMS) for the E107 team. The system supports various plugins and visual themes that can be used as personal blogs, community discussions, archives, etc. e107 2.3.3 and previous versions have a security loophole, which arises from the unsafe install.php script anti-serialization of previous steps POST parameters, which may result in remote code execution or arbitrary file operations.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
E107
Published
2025-10-10
Last Modified
2026-02-24
References
https://github.com/e107inc/e107/blob/master/install.php https://xancatos.org/cve202561505 https://access.redhat.com/security/cve/cve-2025-61505
Share on: