CNNVD-202512-2594 Information

CNNVD ID

CNNVD-202512-2594

Related CVE

CVE-2025-14648

• CNNVD Published: 2025-12-14

Description (Chinese)

DedeBIZ是中国穆云智能（DedeBIZ）公司的一个内容管理系统。 DedeBIZ 6.5.9及之前版本存在命令注入漏洞，该漏洞源于对文件/src/admin/catalog_add.php的错误操作，可能导致命令注入攻击。

Description (English)

DedeBIZ is a content management system for DedeBIZ in China. DedeBIZ 6.5.9 and previous versions of the order leaked out of an error in the document/src/admin/catalog add.php, which could lead to an order injection attack.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

穆云智能

Published

2025-12-14

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.336381 https://vuldb.com/?submit.710164 https://vuldb.com/?id.336381 https://github.com/HOrange147/CVE/blob/main/DedeBIZ%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.pdf https://access.redhat.com/security/cve/cve-2025-14648