Blog
givanz/Vvveb
Powerful and easy to use cms to build websites, blogs or ecommerce stores.
#cms #page-builder #ecommerce-platform #php #blog-platform #blog-engine #content-management #php8 #shopping-cart #website-builder #php7 #php-cms #backend #blogging #ecommerce #self-hosted #web-application #no-code #content-management-system #blog
Score
65
/ 100
Star
1,067
Fork
196
Open Issue
143
Size
15MB
Language
HTML
Last push
2 days ago
Docker
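🐳 Both ★
Score breakdown
Past CVEs: 15 (somewhat many)
✓Recent push: 2 days ago
✓Preferred language (HTML)
—Open issues: 143
✓Medium size (15MB)
✓Docker support (Dockerfile + compose)
✓1k–10k: best for beginners (★1,067)
✓※ See "Scoring rules" for the weight of each item. The total is floored at 0.
Past Security Advisories (15)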
- Stored XSS in Posts allows privilege escalation via post editor
- Unauthenticated reflected XSS in public product return form via customer_order_id
- Authenticated SQL injection in /user/orders via order_by and direction
- Vvveb checkout IDOR allows unauthorized reuse of another user's cart
- Vvveb admin/auth-token IDOR allows unauthorized disclosure of administrator REST API tokens
- Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals
- Unauthenticated Remote Code Execution via .phtml + .htaccess Upload (Apache Deployments)
- Unauthenticated Reflected Cross-Site Scripting via Editor Preview Bypass
- Unauthenticated phpMyAdmin (auth_type=config) Yields Full Database Read/Write and Bcrypt Hash Dump
- Pre-authentication PHP Stack-Trace and Source-Code Disclosure via DEBUG=true
- Authenticated RCE via `editor/code/save` `.htaccess` Override (Editor / Author / Contributor / Site_admin)
- Authenticated XXE in `tools/import` Reaches Site_admin → Arbitrary File Read + Lateral Move to Super_admin
- Stored XSS via Comment Author Field
- Stored Cross-Site Scripting via HTML File Upload Bypass
- Privilege Escalation to Super Administrator via Profile Save Form