CNNVD-202510-2556 Information

CNNVD ID

CNNVD-202510-2556

Related CVE

CVE-2025-11944

• CNNVD Published: 2025-10-19

Description (Chinese)

Vvveb是Givan个人开发者的一个强大且易于使用的CMS，用于构建网站、博客或电子商务商店。 Vvveb 1.0.7.3及之前版本存在SQL注入漏洞，该漏洞源于文件admin/controller/tools/import.php中Raw SQL Handler组件的Import函数存在SQL注入漏洞。

Description (English)

Vvveb is a powerful and easy-to-use CMS for Givan personal developers to build a website, blog or e-commerce store. Vvveb 1.0.7.3 and previous versions have an SQL injection loophole, which stems from the Import function of the Raw SQL Handler component in document admin/controller/tools/import.php.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

个人开发者

Published

2025-10-19

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.329024 https://vuldb.com/?id.329024 https://github.com/givanz/Vvveb/commit/52204b4a106b2fb02d16eee06a88a1f2697f9b35 https://github.com/givanz/Vvveb/issues/332#issue-3505043543 https://vuldb.com/?submit.673129 https://access.redhat.com/security/cve/cve-2025-11944