CVE-2025-15130
Unknown Unknown - Not Provided
Remote Code Injection in shanyu SyCms Admin Panel (addPost

Publication date: 2025-12-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-28
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15130
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
shanyu sycms *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the addPost function of the FileManageController in the administrative panel of shanyu SyCms. It allows an attacker to perform code injection remotely, meaning they can insert and execute malicious code on the affected system. The vulnerability affects versions up to a specific commit and only impacts unsupported versions of the product.

Impact Analysis

The vulnerability can lead to unauthorized code execution on the affected system, potentially allowing attackers to manipulate, damage, or take control of the system remotely. This can result in data loss, service disruption, or further compromise of the environment.

Detection Guidance

This vulnerability can be detected by searching for the presence of the vulnerable file path or by identifying suspicious HTTP POST requests targeting the addPost function in the FileManageController. One detection method is to look for HTTP POST requests to the endpoint /Admin/FileManage/add with parameters such as 'path', 'title', and 'content' that may indicate arbitrary file writes. Additionally, Google dorking can be used to find exposed instances by searching for URLs containing the file path Application/Admin/Controller/FileManageController.class.php. A sample command to detect suspicious POST requests in web server logs could be: grep -i '/Admin/FileManage/add' /var/log/apache2/access.log or using a network monitoring tool to filter HTTP POST requests to that endpoint. Monitoring for unexpected PHP files created in directories like Runtime/ can also help detect exploitation attempts. [1, 3]

Mitigation Strategies

Immediate mitigation steps include disabling or restricting access to the administrative panel, especially the file upload functionality in the FileManageController. Since no patches or countermeasures are available and the product is no longer supported, it is recommended to replace SyCms with an alternative content management system. Additionally, ensure that only trusted and authenticated administrative users have access, and monitor for any suspicious file creations or modifications on the server. Applying strict access controls and network segmentation to limit exposure of the administrative interface can also reduce risk. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15130. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart