CNNVD-202512-4007 Information

CNNVD ID

CNNVD-202512-4007

CVE-2025-15004

  • CNNVD Published: 2025-12-22

Description

DesDev DedeCMS (织梦内容管理系统) is a PHP-based open-source content management system (CMS) from the Chinese company DesDev (卓卓). It provides content publishing, content management, content editing and content retrieval functions. DesDev DedeCMS 5.7.118 and earlier versions contain an SQL injection vulnerability that stems from improper handling of the orderby parameter in the file /freelist_main.php, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

SQL injection

Affected Vendor

卓卓 (DesDev)

Published

2025-12-22

Last Modified

2026-02-24

References

  • https://note-hxlab.wetolink.com/share/JPq560c6F6tu
  • https://vuldb.com/?ctiid.337710
  • https://vuldb.com/?id.337710
  • https://vuldb.com/?submit.717316
  • https://access.redhat.com/security/cve/cve-2025-15004
