Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-8518— givanz Vvveb Code Editor code.php save code injection

CVSS 4.7 · Medium EPSS 19.67% · P95
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-8518

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
givanz Vvveb Code Editor code.php save code injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vvveb 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vvveb是Givan个人开发者的一个强大且易于使用的CMS,用于构建网站、博客或电子商务商店。 Vvveb 1.0.5版本存在注入漏洞,该漏洞源于文件admin/controller/editor/code.php中函数Save的错误操作导致代码注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
givanzVvveb 1.0.5 -

II. Public POCs for CVE-2025-8518

#POC DescriptionSource LinkShenlong Link
1This repository contains a Proof of Concept (PoC) demonstrating a critical vulnerability in givanz Vvveb 1.0.5. The vulnerability allows an authenticated user with template editing privileges to write arbitrary PHP code to server files, leading to Remote Code Execution (RCE).https://github.com/maestro-ant/Vvveb-CMS-CVE-2025-8518POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-8518

Please Login to view more intelligence information

Same Patch Batch · givanz · 2025-08-04 · 6 CVEs total

CVE-2025-85176.3 MEDIUMgivanz Vvveb session fixiation
CVE-2025-85225.0 MEDIUMgivanz Vvvebjs node.js save.php path traversal
CVE-2025-85204.7 MEDIUMgivanz Vvveb Drag-and-Drop Editor editor server-side request forgery
CVE-2025-85192.7 LOWgivanz Vvveb Drag-and-Drop Editor editor information disclosure
CVE-2025-85212.4 LOWgivanz Vvveb Add Type post-types cross site scripting

IV. Related Vulnerabilities

Same product: Vvveb
Same vendor: givanz
Same weakness: CWE-94

V. Comments for CVE-2025-8518

No comments yet

Leave a comment