CNNVD-202512-2811 Information
CNNVD ID
CNNVD-202512-2811
Related CVE
- CNNVD Published: 2025-12-16
Description (Chinese)
websitebaker是个人开发者的一个基于PHP的内容管理系统。它的特点包括基于模板的前台界面,分页支持, 多用户管理等。 websitebaker 2.13.3版本存在安全漏洞,该漏洞源于存储型跨站脚本漏洞,可能导致认证用户上传恶意SVG文件。
Description (English)
Websitebaker is a PHP-based content management system for individual developers. Its features include template-based front-office interfaces, page break support, multi-user management, etc. There is a security loophole in version 2.13.3 of websitebaker, which originates from a storage-type cross-site script loophole, which could lead to the uploading of malicious SVG files by authentication users.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-12-16
Last Modified
2026-02-24
References
https://websitebaker.org/pages/en/home.php https://www.exploit-db.com/exploits/51553 https://www.vulncheck.com/advisories/websitebaker-stored-cross-site-scripting-via-svg-file-upload
Patch
https://addon.websitebaker.org/en/browse-add-ons/?type=5&cid=997
Share on: