CNNVD-202602-064 Information

CNNVD ID

CNNVD-202602-064

Related CVE

CVE-2025-70958

• CNNVD Published: 2026-02-02

Description (Chinese)

Subrion CMS是Subrion团队的一套基于PHP的内容管理系统（CMS）。该系统可被集成到网站，并支持多种扩展插件等。 Subrion CMS 4.2.1版本存在安全漏洞，该漏洞源于安装模块中对dbuser、dbpwd和dbname参数输入验证不足，可能导致反射型跨站脚本攻击。

Description (English)

Subrion CMS is a PHP-based content management system (CMS) for the Subrion team. The system can be integrated into the website and support a variety of extension plugins, etc. Subrion CMS 4.2.1 has a security loophole, which results from inadequate validation of dbuser, dbpwd and dbname parameters in the installation module, which may result in a reflective cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Subrion

Published

2026-02-02

Last Modified

2026-02-24

References

https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt