CVE-2025-10993 | THREATINT

Description

A security flaw has been discovered in MuYuCMS up to 2.7. Affected by this issue is some unknown functionality of the file /admin.php of the component Template Management. The manipulation results in code injection. It is possible to launch the attack remotely.

Es wurde eine Schwachstelle in MuYuCMS up to 2.7 entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin.php der Komponente Template Management. Dank Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff lässt sich über das Netzwerk starten.

PUBLISHED Reserved 2025-09-25 | Published 2025-09-26 | Updated 2025-09-26 | Assigner VulDB

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

MEDIUM: 4.7CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

5.8AV:N/AC:L/Au:M/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

Problem types

Code Injection

Injection

Timeline

2025-09-25:	Advisory disclosed
2025-09-25:	VulDB entry created
2025-09-25:	VulDB entry last update

Credits

Eurekya (VulDB User) reporter

References

vuldb.com/?id.325921 (VDB-325921 | MuYuCMS Template Management admin.php code injection) vdb-entry

vuldb.com/?ctiid.325921 (VDB-325921 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.654014 (Submit #654014 | MuYuCMS 2.7 rce) third-party-advisory

gitee.com/MuYuCMS/MuYuCMS/issues/ICXVCE issue-tracking

cve.org (CVE-2025-10993)

nvd.nist.gov (CVE-2025-10993)

Download JSON