Tenda M3 /goform/setAdInfoDetail File Heap Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 heap buffer overflow vulnerability exists, the vulnerability stems from the parameter...

CVE-2025-15233

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

CVE-2025-15233

CVE-2025-15233 affects Tenda M3 1.0.0.13(4903). The heap-based buffer overflow occurs in the function formSetAdInfoDetails within /goform/setAdInfoDetail when manipulating arguments including adName, smsPassword, smsAccount, weixinAccount, weixinName, smsSignature, adRedirectUrl, adCopyRight, sms...

CVE-2008-5977

SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via 1 the adname parameter in a Submit action or 2 the UserName field...