CNNVD-202512-2618 Information

CNNVD ID

CNNVD-202512-2618

Related CVE

CVE-2025-14730

• CNNVD Published: 2025-12-15

Description (Chinese)

CTCMS（赤兔CMS）是中国赤兔CMS（CTCMS）公司的一个视频内容管理系统。 CTCMS 2.1.2及之前版本存在代码注入漏洞，该漏洞源于文件/ctcms/libs/Ct_Config.php中未知函数对参数Cj_Add/Cj_Edit处理不当，可能导致代码注入。

Description (English)

TCMS (CMS) is a video content management system of the Chinese Reds (CMS) Company. There is a code-injection loophole in CTCMS 2.1.2 and previous versions, which stems from the inappropriate handling of the unknown function in file/ctcms/libs/Ct Config.php to parameter Cj Add/Cj Edit, which may lead to code-injection.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

赤兔CMS

Published

2025-12-15

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.336487 https://note-hxlab.wetolink.com/share/87u6f02Gho0K https://vuldb.com/?submit.707105 https://vuldb.com/?id.336487 https://access.redhat.com/security/cve/cve-2025-14730