CNNVD-202510-3657 Information

CNNVD ID

CNNVD-202510-3657

Related CVE

CVE-2025-12203

• CNNVD Published: 2025-10-27

Description (Chinese)

Vvveb是Givan个人开发者的一个强大且易于使用的CMS，用于构建网站、博客或电子商务商店。 Vvveb 1.0.7.3及之前版本存在路径遍历漏洞，该漏洞源于对文件system/functions.php中组件Code Editor的函数sanitizeFileName的参数File的错误操作，可能导致路径遍历攻击。

Description (English)

Vvveb is a powerful and easy-to-use CMS for Givan personal developers to build a website, blog or e-commerce store. Vvveb 1.0.7.3 and previous versions have path-to-path loopholes that stem from the error of File ’ s parameter for the function of the Code Editor component in file system/funactions.php, which could lead to a path-to-path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2025-10-27

Last Modified

2026-02-24

References

https://vuldb.com/?id.329873 https://github.com/givanz/Vvveb/commit/b0fa7ff74a3539c6d37000db152caad572e4c39b https://vuldb.com/?ctiid.329873 https://vuldb.com/?submit.673159 https://github.com/givanz/Vvveb/issues/333