CNNVD-202510-2322 Information

CNNVD ID

CNNVD-202510-2322

Related CVE

CVE-2025-60641

• CNNVD Published: 2025-10-16

Description (Chinese)

Vfront是Marcello Verona个人开发者的一个数据库管理前端工具。 Vfront 0.99.52版本存在安全漏洞，该漏洞源于对用户控制的输入进行反序列化操作时未进行验证或使用allowed_classes选项，可能导致远程代码执行、SQL注入、路径遍历或拒绝服务攻击。

Description (English)

Vfront is a database management front-end tool for Marcello Verona personal developers. Version Vfront 0.99.52 contains a security loophole, which arises from the lack of validation or the use of the controlled classes option during a back-sequencing operation for user-controlled inputs, which may lead to remote code execution, SQL injection, routing or denial of service attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-10-16

Last Modified

2026-02-24

References

http://vfront.com https://xancatos.org/cve202560641 https://access.redhat.com/security/cve/cve-2025-60641