A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
PUBLISHED5.2CWE-94CWE-74unsupported-when-assigned
shanyu SyCms Administrative Panel FileManageController.class.php addPost code injection
Problem type
Affected products
shanyu
SyCms
a242ef2d194e8bb249dc175e7c49f2c1673ec921 - AFFECTED
References
VDB-338508 | shanyu SyCms Administrative Panel FileManageController.class.php addPost code injection
https://vuldb.com/?id.338508
VDB-338508 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.338508
Submit #712813 | SyCms 1.0 Unrestricted Upload
https://vuldb.com/?submit.712813
gitee.com
https://gitee.com/shanyu/SyCms/issues/IDCEWG
GitHub Security Advisories
GHSA-w487-9rjq-3p3v
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921....
https://github.com/advisories/GHSA-w487-9rjq-3p3vA vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-15130Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-15130",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2025-12-28T09:32:10.325Z",
"dateReserved": "2025-12-27T09:18:12.962Z",
"datePublished": "2025-12-28T09:32:10.325Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-12-28T09:32:10.325Z"
},
"title": "shanyu SyCms Administrative Panel FileManageController.class.php addPost code injection",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"affected": [
{
"vendor": "shanyu",
"product": "SyCms",
"modules": [
"Administrative Panel"
],
"versions": [
{
"version": "a242ef2d194e8bb249dc175e7c49f2c1673ec921",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Code Injection",
"cweId": "CWE-94",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Injection",
"cweId": "CWE-74",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.338508",
"name": "VDB-338508 | shanyu SyCms Administrative Panel FileManageController.class.php addPost code injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.338508",
"name": "VDB-338508 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.712813",
"name": "Submit #712813 | SyCms 1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://gitee.com/shanyu/SyCms/issues/IDCEWG",
"tags": [
"exploit",
"issue-tracking"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 5.8
}
}
],
"timeline": [
{
"time": "2025-12-27T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-12-27T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-12-27T10:23:25.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "formanagain (VulDB User)",
"type": "reporter"
}
],
"tags": [
"unsupported-when-assigned"
]
}
}
}