CNNVD-202510-547 Information

CNNVD ID

CNNVD-202510-547

CVE-2025-11272

  • CNNVD Published: 2025-10-04

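Description (translated from Chinese)

ZKEACMS is a visual-design, WYSIWYG content management system open-sourced by ZKEASOFT. ZKEACMS 4.3 and earlier versions contain an authorization issue vulnerability. The vulnerability stems from improper authorization in the Delete function of the file src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs in the POST request handler, and may lead to remote attacks.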

Description (English)

ZKEACMS is a visual-design, what-you-see-is-what-you-get content management system open-sourced by ZKEASOFT. ZKEACMS 4.3 and earlier versions have an authorization vulnerability caused by improper authorization in the Delete function of src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs, which is part of the POST request handler. The flaw could lead to a remote attack.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

ZKEASOFT

Published

2025-10-04

Last Modified

2026-02-24

References

  • https://github.com/August829/YU1/issues/4
  • https://github.com/August829/YU1/issues/4#issue-3420825660
  • https://vuldb.com/?ctiid.327006
  • https://vuldb.com/?id.327006
  • https://vuldb.com/?submit.655842
