CNNVD-202512-4869 Information

CNNVD ID

CNNVD-202512-4869

Related CVE

CVE-2025-15148

• CNNVD Published: 2025-12-28

Description (Chinese)

CmsEasy是中国九州易通（CmsEasy）公司的一套用于创建响应式网站的内容管理系统（CMS）。 CmsEasy 7.7.7及之前版本存在代码注入漏洞，该漏洞源于文件/lib/admin/template_admin.php中参数content/tempdata的错误操作，可能导致代码注入。

Description (English)

CmsEasy is a content management system (CMS) for the creation of a responsive web site for KyushuEasy, China. CmsEasy 7.7.7 and previous versions have a code injection loophole, which stems from the error of the parameter in file/lib/admin/template admin.php, which may result in code injection.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

Cobham

Published

2025-12-28

Last Modified

2026-02-24

References

https://vuldb.com/?submit.716303 https://note-hxlab.wetolink.com/share/msJH69Y06ZlS https://vuldb.com/?ctiid.338525 https://vuldb.com/?id.338525 https://access.redhat.com/security/cve/cve-2025-15148

Patch

https://www.cmseasy.cn/download/