PT-2025-51320 · Unknown · Ctcms Content Management System
Airrudder · Published 2025-12-15 · Updated 2025-12-21 · CVE-2025-14730
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CTCMS Content Management System versions up to 2.1.2
Description
A security flaw exists in CTCMS Content Management System. The issue resides in an unknown function within the /ctcms/libs/Ct Config.php library of the Backend System Configuration Module. Manipulation of the Cj Add/Cj Edit argument can lead to code injection, and the attack can be carried out remotely. An exploit for this issue has been publicly released and may be used.
Recommendations
Versions prior to 2.1.2 should be updated.
Exploit
Fix
Special Elements Injection
Code Injection
Affected Products
Ctcms Content Management System