CNNVD-202602-208 Information
Feb 03, 2026
cve
CNNVD ID
CNNVD-202602-208
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
CI4MS是Ci4MS开源的一个博客页面管理工具。 CI4MS 0.28.5.0之前版本存在代码问题漏洞,该漏洞源于具有文件编辑器权限的已验证用户可利用文件创建和保存端点上传并执行任意PHP代码,可能导致远程代码执行。
Description (English)
CI4MS is a blog management tool for the open source of Ci4MS. There is a code problem loophole in the pre-CI4MS 0.28.5.0 version, which stems from the fact that certified users with file editor privileges can use the file to create and save endpoints and to execute any PHP code, which may result in remote code execution.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Ci4MS
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/ci4-cms-erp/ci4ms/commit/86be2930d1c54eb7575102563302b2f3bafcb653 https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-gp56-f67f-m4px
Patch
https://github.com/ci4-cms-erp/ci4ms/releases
Share on: