CNNVD-202510-3636 Information

Oct 27, 2025 cve

CNNVD ID

CNNVD-202510-3636

CVE-2025-12224

CNNVD Published: 2025-10-27

Description (Chinese)

PHP Business Website是Iqbolshoh Ilhomjonov个人开发者的一个PHP商业网站。 PHP Business Website存在代码注入漏洞，该漏洞源于文件admin/contact.php中对参数twitter的错误操作，可能导致跨站脚本攻击。

Description (English)

PHP Business Website is a PHP business site for Iqbolshoh Ilhomjonov personal developer. PHP Business Website has a code-infusion loophole, which stems from the error in the twitter of parameters in document admin/contact.php and may result in a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/mhszed/Report/blob/main/php-business-website%20xss.docx https://vuldb.com/?ctiid.329894 https://vuldb.com/?id.329894 https://vuldb.com/?submit.673540

Share on: