CVE-2025-14837

Medium CVSS: 5.1

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Vendor

Zzcms

Product

Zzcms

CWE

CWE-74

Yayın Tarihi

2025-12-18 00:16:22

Güncelleme

2025-12-30 18:27:09

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Zzcms MEDIUM Zzcms 2025

Referanslar

https://note-hxlab.wetolink.com/share/ekNgcv2wVBya https://vuldb.com/?ctiid.336987 https://vuldb.com/?id.336987 https://vuldb.com/?submit.711655 https://note-hxlab.wetolink.com/share/ekNgcv2wVBya

Benzer Kayıtlar

Medium

CVE-2025-14836

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_sa…

Medium

CVE-2025-13171

A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such…

Medium

CVE-2025-1949

A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown proc…

Critical

CVE-2025-22957

A SQL injection vulnerability exists in the front-end of the website in ZZCMS

Medium

CVE-2025-0565

A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functiona…