CVE-2025-14729 | CTCMS Content Management System up to 2.1.2 Backend App Configuration /ctcms/libs/Ct_App.php save CT_App_Paytype code injection

December 15, 2025 Yanac

A vulnerability identified as critical has been detected in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/Ct_App.php of the component Backend App Configuration Module. The manipulation of the argument CT_App_Paytype leads to code injection.

This vulnerability is referenced as CVE-2025-14729. Remote exploitation of the attack is possible. Furthermore, an exploit is available.VulDB Recent EntriesRead More