CNNVD-202510-2551 Information

Oct 19, 2025 cve

CNNVD ID

CNNVD-202510-2551

CVE-2025-11941

CNNVD Published: 2025-10-19

Description (Chinese)

e107是E107团队的一套开源、免费且基于PHP和MySQL的内容管理系统（CMS）。该系统支持多种插件和外观主题，可作为个人博客、讨论社区、档案资料库等。 e107 2.3.3及之前版本存在路径遍历漏洞，该漏洞源于对文件/e107_admin/image.php中参数multiaction的错误操作，可能导致路径遍历攻击。

Description (English)

e107 is an open-source, free and PHP-based content management system (CMS) for the E107 team. The system supports various plugins and visual themes that can be used as personal blogs, community discussions, archives, etc. e107 2.3.3 & previous versions have path-to-path loopholes, which stem from an error in the use of the parameters multiaction in file/e107 admin/image.php, which may lead to a path-to-path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

E107

Published

2025-10-19

Last Modified

2026-02-24

References

https://note-hxlab.wetolink.com/share/igdVbDCk2IkD#proof-of-concept- https://vuldb.com/?submit.671867 https://vuldb.com/?id.329020 https://vuldb.com/?ctiid.329020 https://access.redhat.com/security/cve/cve-2025-11941

Share on: