CNNVD-202512-2612 Information
CNNVD ID
CNNVD-202512-2612
Related CVE
- CNNVD Published: 2025-12-15
Description (Chinese)
Mayan EDMS是Mayan EDMS公司的一个基于 Web 的免费文档管理系统。用于管理组织内的文档。 Mayan EDMS 4.10.1及之前版本存在输入验证错误漏洞,该漏洞源于对文件/authentication/的错误操作,可能导致开放重定向攻击。
Description (English)
Mayan EDMS is a Web-based free document management system for Mayan EDMS. to manage documents within an organization. Mayan EDMS 4.10.1 and previous versions have input-validation bugs, which are the result of mishandling of the document/authentication/, which may lead to an open redirectional attack.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
Mayan EDMS
Published
2025-12-15
Last Modified
2026-02-24
References
https://vuldb.com/?submit.711729 https://vuldb.com/?ctiid.336410 https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security https://vuldb.com/?id.336410 https://github.com/ionutluca888/Mayan-EDMS-OpenRedirect-POC/tree/main https://access.redhat.com/security/cve/cve-2025-14692
Patch
https://docs.mayan-edms.com/chapters/releases/4.10.2.html
Share on: