CNNVD-202512-2193 Information

CNNVD ID

CNNVD-202512-2193

Related CVE

CVE-2025-14522

• CNNVD Published: 2025-12-11

Description (Chinese)

hfly是baowzh个人开发者的一个旅游网站。 hfly存在代码问题漏洞，该漏洞源于对文件/Public/Kindeditor/php/upload_json.php中参数imgFile的错误操作，可能导致任意文件上传。

Description (English)

hfly is a tourist site for the Baowzh personal developer. hfly has a code problem loophole, which stems from an error in the application of the parameter mgFile in the file/Public/Kindeditor/php/upload json.php, which may lead to any upload of the file.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/PHP-based%20travel%20website-CMS/PHP-based%20travel%20website-CMS%20upload_json.php%20imgFile%20XSS-File-Upload.md https://vuldb.com/?ctiid.335860 https://vuldb.com/?id.335860 https://vuldb.com/?submit.702950