CNNVD-202512-4114 Information
Dec 23, 2025
cve
CNNVD ID
CNNVD-202512-4114
Related CVE
- CNNVD Published: 2025-12-23
Description (Chinese)
CMSimple_XH是CMSimple_XH开源的一个快速、小型、易于使用且易于安装的模块化内容管理系统(CMS)。 CMSimple_XH 1.7.4版本存在代码注入漏洞,该漏洞源于内容编辑功能对文件上传验证不足,可能导致远程代码执行。
Description (English)
CMSimple XH is a fast, small, user-friendly and easy to install modular content management system (CMS) for CMSimple XH open source. CMSimple XH 1.7.4 has a code-injection loophole, which arises from the inadequate authentication of document upload by content editing functions, which may lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
CMSimple_XH
Published
2025-12-23
Last Modified
2026-02-24
References
https://www.cmsimple-xh.org/ https://www.exploit-db.com/exploits/50367 https://www.vulncheck.com/advisories/cmsimplexh-authenticated-remote-code-execution-via-content-editing
Patch
https://www.cmsimple-xh.org/?Downloads
Share on: