CNNVD-202512-457 Information

CNNVD ID

CNNVD-202512-457

CVE-2025-66572

  • CNNVD Published: 2025-12-04

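Description (Chinese, translated)

Loaded Commerce is an open-source e-commerce platform developed by the US company Loaded Commerce. Loaded Commerce version 6.6 contains an operating system command injection vulnerability. The vulnerability stems from a client-side template injection flaw and may allow code execution on the server via the search parameter.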

Description (English)

Loaded Commerce is an open-source e-commerce platform from the United States company Loaded Commerce. Version 6.6 of Loaded Commerce has an operating system command injection vulnerability, which stems from a client-side template injection flaw and may lead to code execution on the server through search parameters.

Hazard Level

High

Vulnerability Type

Operating system command injection

Affected Vendor

Loaded Commerce

Published

2025-12-04

Last Modified

2026-02-24

References

  • https://www.exploit-db.com/exploits/52084
  • https://www.vulncheck.com/advisories/loaded-commerce-66-client-side-template-injectioncsti
  • https://loadedcommerce.com/
  • https://access.redhat.com/security/cve/cve-2025-66572
