CNNVD-202512-969 Information

CNNVD ID

CNNVD-202512-969

Related CVE

CVE-2025-14244

• CNNVD Published: 2025-12-08

Description (Chinese)

GreenCMS是GreenCMS开源的一套基于ThinkPHP开发的内容管理系统（CMS）。 GreenCMS 2.3.0603版本存在代码注入漏洞，该漏洞源于对文件/Admin/Controller/CustomController.class.php中参数Link的错误操作，可能导致跨站脚本攻击。

Description (English)

GreenCMS is a content management system (CMS) based on ThinkPHP, which is an open source of GreenCMS. Version 2.3.0603 of GreenCMS contains a code-injection loophole, which results from an error in the operation of Link, the parameter in document/Admin/Controller/CustomController.class.php, which may result in a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

GreenCMS

Published

2025-12-08

Last Modified

2026-02-24

References

https://gist.github.com/b1uel0n3/83f9965b3499a2abfee30c77458f718a https://vuldb.com/?ctiid.334754 https://vuldb.com/?id.334754 https://vuldb.com/?submit.702435