MidnightBSD

Advisories for geeeeeeeek

CVE-2024-48341

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
geeeeeeeek dingfanzu 1.0
CVE-2024-50651

java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.

Products Affected

Vendor Product Version
geeeeeeeek java_shop 1.0
CVE-2024-50652

A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function.

Products Affected

Vendor Product Version
geeeeeeeek java_shop 1.0
CVE-2025-28100

A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
geeeeeeeek dingfanzu 1.0