WuzhiCMS, Cross-Site Scripting (XSS), CVE-2025-25916 (Medium)

How the CVE Works

The CVE-2025-25916 vulnerability in WuzhiCMS v4.1.0 arises from improper input sanitization in the `del` function within \coreframe\app\member\admin\group.php. Attackers can inject malicious JavaScript payloads via crafted HTTP requests, which are then executed in the admin panel due to reflected XSS. This occurs because user-supplied input is directly embedded in the page without proper escaping or validation. The vulnerability allows session hijacking, admin account compromise, or unauthorized actions if an admin interacts with the malicious link.

DailyCVE Form

Platform: WuzhiCMS
Version: 4.1.0
Vulnerability: XSS
Severity: Medium
Date: 04/29/2025

What Undercode Says:

Exploitation:

1. Craft a malicious URL with a JavaScript payload:

   http://target.com/member/admin/group/del?groupid=<script>alert(1)</script>

2. Social-engineer an admin to click the link.

3. The payload executes in their session, enabling cookie theft or CSRF attacks.

Detection:

Check for unsanitized output in `group.php`:

if (isset($_GET['groupid'])) {
    echo $_GET['groupid']; // Vulnerable: raw input is reflected into the page
}

Protection:

1. Patch by sanitizing input with `htmlspecialchars()`:

echo htmlspecialchars($_GET['groupid'], ENT_QUOTES, 'UTF-8');

2. Implement Content Security Policy (CSP):

Content-Security-Policy: default-src 'self'

Analytics:

  • Attack Vector: Network (Low Complexity)
  • Impact: Confidentiality (Medium), Integrity (Low)
  • Exploitability: Requires admin interaction

Mitigation Commands:

1. Update WuzhiCMS to the latest version.

2. Use WAF rules to filter XSS payloads (nginx example):

location /member/admin/ {
    set $xss_check "";
    if ($args ~ "<script") { set $xss_check "block"; }
    if ($xss_check = "block") { return 403; }
}

Note that `$args` is the query string as received, so percent-encoded variants of the same payload (for example `%3Cscript`) are not matched by this pattern; treat the rule as a stopgap, not a substitute for the patch.

Log Analysis:

Search logs for suspicious `groupid` parameters:

grep -E '/member/admin/group/del\?groupid=.*([<>]|%3[CcEe])' access.log
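A single regex over the raw request line is brittle once the payload is percent-encoded or double-encoded, and it also matches requests that never reached the vulnerable endpoint. The following Python scanner is an added example (not part of the original advisory or of WuzhiCMS): it parses Combined Log Format lines, restricts itself to the `del` endpoint path given above, decodes the `groupid` parameter through several encoding layers, and then flags values that contain markup or script markers or that are simply not the integer id the endpoint expects. The endpoint path, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed vulnerable endpoint (the path used in the advisory's sample URL).
DEL_ENDPOINT = '/member/admin/group/del'

# Combined Log Format as written by nginx/Apache by default; only the
# fields needed for triage are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Markup and script markers that never belong in a numeric group id.
XSS_MARKERS = re.compile(r'[<>]|javascript:|on[a-z]+\s*=', re.IGNORECASE)

# Constructed sample log lines: one benign request, a percent-encoded probe,
# a double-encoded probe, a non-numeric id, and an unrelated endpoint.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Apr/2025:10:15:01 +0000] "GET /member/admin/group/del?groupid=12 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Apr/2025:10:16:44 +0000] "GET /member/admin/group/del?groupid=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Apr/2025:10:16:51 +0000] "GET /member/admin/group/del?groupid=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Apr/2025:10:17:03 +0000] "GET /member/admin/group/del?groupid=abc HTTP/1.1" 200 480 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Apr/2025:10:17:10 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 480 "-" "Mozilla/5.0"
""".splitlines()


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded probes (%253C -> %3C -> <) are seen in the clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_groupid(raw):
    """Return (decoded_value, reason); reason is None for a benign integer id."""
    decoded = fully_decode(raw)
    if XSS_MARKERS.search(decoded):
        return decoded, 'xss-marker'
    if not decoded.isdigit():
        return decoded, 'non-numeric'
    return decoded, None


def scan_log(lines):
    """Return one finding per suspicious groupid value sent to the del endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unexpected format; a production tool would count these
        parts = urlsplit(m['path'])
        if parts.path.rstrip('/') != DEL_ENDPOINT:
            continue
        # parse_qs percent-decodes once; fully_decode strips any further layers.
        for raw in parse_qs(parts.query, keep_blank_values=True).get('groupid', []):
            decoded, reason = classify_groupid(raw)
            if reason:
                findings.append({'ip': m['ip'], 'time': m['ts'], 'status': m['status'],
                                 'groupid': decoded, 'reason': reason})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['reason']}: groupid={f['groupid']!r}")
```

Run against a real log with `scan_log(open('access.log'))`. The benign request and the `index.php` probe produce no findings; the two encoded requests are reported with the payload shown decoded, and `groupid=abc` is reported as `non-numeric`, which is worth reviewing even when no XSS marker is present because the endpoint only ever expects an integer.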

Sources:

Reported By: nvd.nist.gov