PT-2025-51319 · Unknown · Ctcms Content Management System
Airrudder · Published 2025-12-15 · Updated 2025-12-21 · CVE-2025-14729
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CTCMS Content Management System versions up to 2.1.2
Description
A code injection issue exists in CTCMS Content Management System. The issue is located in the Save function within the /ctcms/libs/Ct App.php file of the Backend App Configuration Module. Manipulation of the CT App Paytype argument can lead to code injection. Remote exploitation is possible, and a public exploit is available.
Recommendations
Versions prior to 2.1.2 should be updated.
Exploit
Fix
Special Elements Injection
Code Injection
Affected Products
Ctcms Content Management System