CNNVD-202512-1780 Information

CNNVD ID

CNNVD-202512-1780

Related CVE

CVE-2024-58279

• CNNVD Published: 2025-12-10

Description (Chinese)

appRain CMF是加拿大appRain公司的一个内容管理框架。 appRain CMF 4.0.5版本存在代码问题漏洞，该漏洞源于认证用户可通过文件管理器上传恶意PHP文件，可能导致远程代码执行。

Description (English)

AppRain CMF is a content management framework for AppRain Canada. AppRain CMF version 4.0.5 has a code problem loophole, which stems from the fact that authentication users can upload malicious PHP files through the file manager, which may lead to remote code execution.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

appRain

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip https://www.apprain.org https://www.exploit-db.com/exploits/52041 https://www.vulncheck.com/advisories/apprain-cmf-authenticated-remote-code-execution-via-filemanager-upload https://access.redhat.com/security/cve/cve-2024-58279

Patch

https://www.apprain.org/download