CNNVD-202511-368 Information

CNNVD ID

CNNVD-202511-368

Related CVE

CVE-2025-63334

• CNNVD Published: 2025-11-05

Description (Chinese)

PocketVJ CP是magdesign个人开发者的一个控制面板软件。 PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1版本存在安全漏洞，该漏洞源于submit_opacity.php组件未清理opacityValue POST参数的用户输入，可能导致远程攻击者以root权限执行任意命令。

Description (English)

PocketVJ CP is a control panel software for the Magdesign personal developer. The security loophole in version PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 stems from the user input of submit opacity.php component that did not clear the parameters of an optyValue POST, which could result in a remote attacker executing an arbitrary order with root privileges.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-05

Last Modified

2026-02-24

References

https://gist.github.com/mamdouhalrekabi-ops/e7686a0bdd197c77c1b54191e1a2880f https://github.com/magdesign/PocketVJ-CP-v3/releases/tag/release