CNNVD-202512-4840 Information

CNNVD ID

CNNVD-202512-4840

Related CVE

CVE-2025-15110

• CNNVD Published: 2025-12-27

Description (Chinese)

XCMS是JackQ个人开发者的一个CMS建站系统。 jackq XCMS存在代码问题漏洞，该漏洞源于对文件Admin/Home/Controller/ProductImageController.class.php中参数File的错误操作，可能导致无限制上传。

Description (English)

XCMS is a CMS station system of JackQ personal developers. Jackq XCMS has a code problem loophole, which stems from an error in the argument File in document Admin/Home/Controller/ProductImageController.class.php, which may lead to unlimited upload.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-12-27

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.338481 https://vuldb.com/?id.338481 https://gitee.com/jackq/XCMS/issues/IDC5C8 https://vuldb.com/?submit.711702 https://access.redhat.com/security/cve/cve-2025-15110