CNNVD-202512-5529 Information

CNNVD ID

CNNVD-202512-5529

Related CVE

CVE-2025-15394

• CNNVD Published: 2025-12-31

Description (Chinese)

iCMS是一个应用软件。一套采用 PHP 和 MySQL 构建的高效简洁的内容管理系统。 iCMS 8.0.0及之前版本存在代码注入漏洞，该漏洞源于POST Parameter Handler组件文件app/config/ConfigAdmincp.php中Save函数对参数config的错误操作，可能导致代码注入。

Description (English)

iCMS is an application. An efficient and concise content management system using PHP and MySQL. iCMS 8.0.0 and previous versions have a code injection loophole, which stems from the error of the Save function on parameter config in POST Parameter Handler component fileapp/config/ConfigAdmincp.php, which may result in code injection.

Hazard Level

High

Vulnerability Type

代码注入

Published

2025-12-31

Last Modified

2026-02-24

References

https://note-hxlab.wetolink.com/share/QWuWZeAmzUdm https://vuldb.com/?ctiid.339163 https://vuldb.com/?id.339163 https://vuldb.com/?submit.719029