CNNVD-202512-2619 Information

CNNVD ID

CNNVD-202512-2619

Related CVE

CVE-2025-14729

• CNNVD Published: 2025-12-15

Description (Chinese)

CTCMS（赤兔CMS）是中国赤兔CMS（CTCMS）公司的一个视频内容管理系统。 CTCMS 2.1.2及之前版本存在代码注入漏洞，该漏洞源于文件/ctcms/libs/Ct_App.php中Save函数对参数CT_App_Paytype处理不当，可能导致代码注入。

Description (English)

TCMS (CMS) is a video content management system of the Chinese Reds (CMS) Company. There is a code-injection loophole in CTCMS 2.1.2 and earlier versions, which stems from the inappropriate handling of parameter CT App Paytype by the Save function in file/ctcms/libs/Ct App.php, which may result in code injection.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

赤兔CMS

Published

2025-12-15

Last Modified

2026-02-24

References

https://note-hxlab.wetolink.com/share/R3y6uiOuuYbA https://vuldb.com/?id.336486 https://vuldb.com/?ctiid.336486 https://vuldb.com/?submit.707104 https://access.redhat.com/security/cve/cve-2025-14729