CNNVD-202512-1787 Information

CNNVD ID

CNNVD-202512-1787

Related CVE

CVE-2025-65950

• CNNVD Published: 2025-12-10

Description (Chinese)

WBCE CMS是WBCE CMS开源的一套基于PHP和MySQL的开源内容管理系统（CMS）。 WBCE CMS 1.6.4及之前版本存在SQL注入漏洞，该漏洞源于groups参数处理不当，可能导致SQL注入攻击。

Description (English)

WBCE CMS is a WBCE CMS Open Content Management System (CMS) based on PHP and MySQL. WBCE CMS 1.6.4 and previous versions had an SQL injection loophole, which stemmed from the mishandling of the groups parameters and could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

WBCE CMS

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/WBCE/WBCE_CMS/commit/96046178f4c80cf16f7c224054dec7fdadddda7e https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.5 https://github.com/WBCE/WBCE_CMS/security/advisories/GHSA-934v-xhx9-j2f3 https://access.redhat.com/security/cve/cve-2025-65950