CNNVD-202510-3586 Information
CNNVD ID
CNNVD-202510-3586
Related CVE
- CNNVD Published: 2025-10-27
Description (Chinese)
Zytec Central Authentication Service是中国卓云(Zytec)公司的一个中央认证服务。 Zytec Central Authentication Service 20251009及之前版本存在代码注入漏洞,该漏洞源于对文件/index.php/auth/widget中参数get.layer、get.widget和get.action的错误操作,可能导致远程代码注入攻击。
Description (English)
Zytec Central Administration Service is a central certification service of Zytec China. Zytec Central Administration Service 20251009 and previous versions had a code-infusion loophole, which stemmed from errors in the parameters Get.layer, Get.widget and Get.action in documents/index.php/auth/widget, which could lead to a remote code-injection attack.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
卓云
Published
2025-10-27
Last Modified
2026-02-24
References
http://101.200.76.102:38765/qwertyuiop/Vuldb/Zytec.html https://vuldb.com/?ctiid.329938 https://vuldb.com/?id.329938 https://vuldb.com/?submit.671721
Share on: