CNNVD-202602-381 Information

CNNVD ID

CNNVD-202602-381

Related CVE

CVE-2020-37110

• CNNVD Published: 2026-02-03

Description (Chinese)

60CycleCMS是60CycleCMS开源的一个内容管理系统。 60CycleCMS 2.5.2版本存在SQL注入漏洞，该漏洞源于news.php和common/lib.php文件存在SQL注入，可能导致攻击者通过未验证的用户输入操纵数据库查询。

Description (English)

CycleCMS is an open-source content management system for 60 CycleCMS. 60 CycleCMS version 2.5.2 contains an injection loophole in SQL, which originates from the presence of SQL in news.php and common/lib.php files, which may result in the attackers manipulating the database through unverified user input.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

60CycleCMS

Published

2026-02-03

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/48177 https://www.opensourcecms.com/60cyclecms https://www.vulncheck.com/advisories/cyclecms-newsphp-sql-injection-vulnerability