CVE-2025-15130 | shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921 Administrative Panel FileManageController.class.php addPost code injection (IDCEWG)

A vulnerability, which was classified as critical, has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is uniquely identified as CVE-2025-15130. The attack is possible to be carried out remotely. Moreover, an exploit is present.

This product adopts a rolling release strategy to maintain continuous delivery

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More