CVE-2025-11138

Summary

A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
mirweiyewenkucms3.0affected
mirweiyewenkucms3.1affected
mirweiyewenkucms3.2affected
mirweiyewenkucms3.3affected
mirweiyewenkucms3.4affected

Weaknesses

  • CWE-78: OS Command Injection
  • CWE-77: Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References