CNNVD-202510-2295 Information

CNNVD ID

CNNVD-202510-2295

Related CVE

CVE-2025-62416

• CNNVD Published: 2025-10-16

Description (Chinese)

Webkul Software Bagisto是印度Webkul Software公司的一套开源的电子商务框架。 Webkul Software Bagisto 2.3.7版本存在安全漏洞，该漏洞源于服务器端模板引擎处理未清理的用户输入，可能导致服务器端模板注入和远程代码执行。

Description (English)

Webkul Software Bagisto is an open-source e-commerce framework for Webkul Software in India. There is a security loophole in version 2.3.7 of Webkul Software Bagisto, which stems from the server-end template engine processing uncleaned user input, which may result in server-end templates being injected and remotely coded.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Webkul Software

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/bagisto/bagisto/security/advisories/GHSA-527q-4wqv-g9wj https://access.redhat.com/security/cve/cve-2025-62416

Patch

https://bagisto.com/en/download/