CNNVD-202512-4927 Information
Dec 29, 2025
cve
CNNVD ID
CNNVD-202512-4927
Related CVE
- CNNVD Published: 2025-12-29
Description (Chinese)
VvvebJs是Givan个人开发者的一个拖放网站生成器。 VvvebJs 1.7.2版本存在安全漏洞,该漏洞源于save.php文件中file_get_contents函数对用户提供URL处理不当,可能导致服务端请求伪造和任意文件读取。
Description (English)
VvvebJs is a drag-and-drop site generator for Givan personal developers. The security loophole in version 1.7.2 of VvvebJs stems from the inappropriate handling of URLs by users in the file file file file file file file file file file file file file file file get contents, which may result in a service-side request for forgery and arbitrary access to documents.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-12-29
Last Modified
2026-02-24
References
https://gist.github.com/joaoviictorti/69cbae23d98fb9a1a4b3eee0c305c7de
Patch
https://github.com/givanz/VvvebJs/releases
Share on: