← Zuruck zu CVEs

CVE-2025-7949

LOW

3.5

Beschreibung

A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.

CVE Details

CVSS v3.1 Bewertung3.5

SchweregradLOW

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionREQUIRED

Veroffentlicht7/22/2025

Zuletzt geandert8/20/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

publiccms:publiccms

Schwachen (CWE)

CWE-601

Referenzen

https://github.com/sanluan/PublicCMS/commit/c1e79f124e3f4c458315d908ed7dee06f9f12a76(cna@vuldb.com)

https://github.com/sanluan/PublicCMS/issues/87(cna@vuldb.com)

https://vuldb.com/?ctiid.317095(cna@vuldb.com)

https://vuldb.com/?id.317095(cna@vuldb.com)

https://vuldb.com/?submit.619278(cna@vuldb.com)

https://github.com/sanluan/PublicCMS/issues/87(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.