CVE-2025-14837

Sažetak

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Reference

https://note-hxlab.wetolink.com/share/ekNgcv2wVBya
https://vuldb.com/?ctiid.336987
https://vuldb.com/?id.336987
https://vuldb.com/?submit.711655

CVSS

Base:	5.8
Impact:	6.4
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:M/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-12-2025 - 00:16

Objavljeno

18-12-2025 - 00:16