CNNVD-202512-4863 Information
CNNVD ID
CNNVD-202512-4863
Related CVE
- CNNVD Published: 2025-12-28
Description (Chinese)
PbootCMS是PbootCMS开源的一款使用PHP语言开发的开源企业建站内容管理系统(CMS)。 PbootCMS 3.2.12及之前版本存在安全漏洞,该漏洞源于文件core/function/handle.php中Header Handler组件函数get_user_ip对参数X-Forwarded-For的错误操作,可能导致使用不可信源。
Description (English)
PbootCMS is an open source enterprise content management system (CMS) developed in the PHP language. There is a security loophole in PbootCMS 3.2.12 and earlier versions, which stems from the error of the Header Handler component function in document core/funaction/handle.php, Get user ip against parameter X-Forwarded-For, which may lead to the use of untrustworthy sources.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
PbootCMS
Published
2025-12-28
Last Modified
2026-02-24
References
https://vuldb.com/?id.338532 https://vuldb.com/?submit.719818 https://vuldb.com/?ctiid.338532 https://note-hxlab.wetolink.com/share/JyBNgF8JagWQ https://access.redhat.com/security/cve/cve-2025-15154
Share on: