← Back to CVEs

CVE-2025-14837

MEDIUM

4.7

Description

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

CVE Details

CVSS v3.1 Score4.7

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionNONE

Published12/18/2025

Last Modified12/30/2025

Sourcenvd

Honeypot Sightings0

Affected Products

zzcms:zzcms

Weaknesses (CWE)

CWE-74CWE-94

References

https://note-hxlab.wetolink.com/share/ekNgcv2wVBya(cna@vuldb.com)

https://vuldb.com/?ctiid.336987(cna@vuldb.com)

https://vuldb.com/?id.336987(cna@vuldb.com)

https://vuldb.com/?submit.711655(cna@vuldb.com)

https://note-hxlab.wetolink.com/share/ekNgcv2wVBya(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.