CNNVD-202602-212 Information

CNNVD ID

CNNVD-202602-212

Related CVE

CVE-2026-25509

• CNNVD Published: 2026-02-03

Description (Chinese)

CI4MS是Ci4MS开源的一个博客页面管理工具。 CI4MS 0.28.5.0之前版本存在安全漏洞，该漏洞源于身份验证实现存在电子邮件枚举问题，未经验证的攻击者可通过分析密码重置过程中的应用响应来确定电子邮件地址是否已注册。

Description (English)

CI4MS is a blog management tool for the open source of Ci4MS. The previous version of CI4MS 0.28.5.0 had a security loophole, which stemmed from the problem of e-mail e-mailing for authentication, and the unverified assailant could determine whether the e-mail address had been registered by analysing the application response during the password replacement process.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Ci4MS

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/ci4-cms-erp/ci4ms/commit/86be2930d1c54eb7575102563302b2f3bafcb653 https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-654x-9q7r-g966

Patch

https://github.com/ci4-cms-erp/ci4ms/releases