CNNVD-202512-4804 Information

CNNVD ID

CNNVD-202512-4804

CVE-2024-42718

  • CNNVD Published: 2025-12-26

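Description (translated from Chinese)

Croogo is a content management system (CMS) developed by the Croogo open-source project on the CakePHP framework. The system provides features such as content types that can be customized as Blog, Node, or Page, and content editing with a WYSIWYG editor. Croogo version 4.0.7 contains a security vulnerability that stems from a specially crafted path in the edit-file parameter, which may allow a remote attacker to read arbitrary files.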

Description (English)

Croogo is a content management system (CMS) built on the CakePHP framework. It provides content types that can be customized as Blog, Node, or Page, and content is edited with a WYSIWYG editor. The vulnerability in Croogo version 4.0.7 stems from a specially crafted path in the edit-file parameter, which may allow a remote attacker to read arbitrary files.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Croogo

Published

2025-12-26

Last Modified

2026-02-24

References

  • https://github.com/croogo/croogo
  • https://github.com/jacopo1223/jacopo.github/tree/main/CVE-2024-42718
  • https://access.redhat.com/security/cve/cve-2024-42718
