CNNVD-202512-1776 Information

CNNVD ID

CNNVD-202512-1776

Related CVE

CVE-2024-58284

• CNNVD Published: 2025-12-10

Description (Chinese)

PopojiCMS是PopojiCMS开源的一个建站工具。 PopojiCMS 2.0.1版本存在代码注入漏洞，该漏洞源于管理员用户可通过元数据设置端点注入恶意PHP代码，可能导致远程命令执行。

Description (English)

PopojiCMS is a building tool for PopojiCMS open source. OpojiCMS version 2.0.1 contains a code-infusion loophole, which stems from the fact that administrator users can inject malicious PHP codes through metadata setting endpoints, which may result in remote command execution.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

PopojiCMS

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip https://www.vulncheck.com/advisories/popojicms-remote-command-execution-via-authenticated-metadata-settings https://www.exploit-db.com/exploits/52022 https://www.popojicms.org/ https://access.redhat.com/security/cve/cve-2024-58284