CNNVD-202512-4845 Information

CNNVD ID

CNNVD-202512-4845

Related CVE

CVE-2025-15109

• CNNVD Published: 2025-12-27

Description (Chinese)

XCMS是JackQ个人开发者的一个CMS建站系统。 XCMS存在代码问题漏洞，该漏洞源于对文件Public/javascripts/admin/plupload-2.1.2/examples/upload.php的错误操作，可能导致无限制上传。

Description (English)

XCMS is a CMS station system of JackQ personal developers. XCMS has a code problem loophole, which stems from an error in document Public/javascripts/admin/plupload-2.1.2/examples/upload.php, which may lead to unrestricted uploading.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-12-27

Last Modified

2026-02-24

References

https://gitee.com/jackq/XCMS/issues/IDC4ZT https://vuldb.com/?id.338480 https://vuldb.com/?submit.711696 https://vuldb.com/?ctiid.338480 https://access.redhat.com/security/cve/cve-2025-15109