CVE-2025-11280 (CNNVD-202510-748)
中文标题:
Frappe Learning Management System 安全漏洞
英文标题:
Frappe LMS Assignment Picture files direct request
漏洞描述
中文描述:
Frappe Learning Management System是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning Management System 2.35.0版本存在安全漏洞,该漏洞源于Assignment Picture Handler组件中文件/files/的直接请求,可能导致远程攻击。
英文描述:
A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. It is advisable to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Frappe | LMS | 2.35.0 | - | - |
cpe:2.3:a:frappe:lms:2.35.0:*:*:*:*:*:*:*
|
| frappe | learning | 2.35.0 | - | - |
cpe:2.3:a:frappe:learning:2.35.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
CVSS评分详情
4.0 (cna)
MEDIUMCVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
3.1 (cna)
LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
3.0 (cna)
LOWCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
2.0 (cna)
LOWAV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-11280 |
2025-11-11 15:23:02 | 2025-11-11 07:40:05 |
| NVD | nvd_CVE-2025-11280 |
2025-11-11 15:01:05 | 2025-11-11 07:47:56 |
| CNNVD | cnnvd_CNNVD-202510-748 |
2025-11-11 15:12:29 | 2025-11-11 08:00:21 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202510-748
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']