CNNVD-202510-3905 Information

Oct 28, 2025 cve

CNNVD ID

CNNVD-202510-3905

CVE-2025-12346

CNNVD Published: 2025-10-28

Description (Chinese)

MaxSite CMS是俄国MaxSite CMS开源的一款网站内容管理系统。 MaxSite CMS 109及之前版本存在代码问题漏洞，该漏洞源于对文件application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php中参数X-Requested-FileName/X-Requested-FileUpDir的错误操作，可能导致任意文件上传。

Description (English)

MaxSite CMS is an open-source web content management system for MaxSite CMS in Russia. There is a code gap in MaxSite CMS 109 and previous versions, which stems from an error in the argument X-Requestd-FileName/X-Requestd-FileUpDir in document application/maxsite/admin/plugins/auto post/uploads-require-maxsite.php, which may lead to any uploading of the document.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

MaxSite CMS

Published

2025-10-28

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.330136 https://vuldb.com/?submit.674551 https://note-hxlab.wetolink.com/share/8QmDZCddHvyR https://vuldb.com/?id.330136 https://access.redhat.com/security/cve/cve-2025-12346

Share on: