CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The CVE-2024-48341 entry concerns dingfanzu CMS V1.0, which has a Cross-Site Request Forgery (CSRF) flaw in the /admin/doAdminAction.php?act=addShop endpoint. The vulnerability is described with CVSSv3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N, base score 3.7 (LOW), indicating potential information ...

3.7CVSS6.8AI score0.00035EPSS

Exploits1References1Affected Software1

CNNVD•added 2025/09/08 12:0 a.m.•2 views

dingfanzu 安全漏洞

dingfanzu is a php based takeaway ordering website by gk2007 individual developer. A security vulnerability exists in dingfanzu version V1.0, which originates from a cross-site request forgery vulnerability in the /admin/doAdminAction.php component...

3.7CVSS6.7AI score0.00035EPSS

Exploits1References2

Positive Technologies•added 2025/09/08 12:0 a.m.•3 views

PT-2025-36498

Name of the Vulnerable Software and Affected Versions: dingfanzu CMS version 1.0 Description: The application suffers from a Cross-Site Request Forgery CSRF issue. This occurs through the /admin/doAdminAction.php?act=addShop component. Recommendations: Apply appropriate CSRF protection mechanisms...

3.7CVSS6.4AI score0.00035EPSS

Exploits1References5

Cvelist•added 2025/09/08 12:0 a.m.•7 views

CVE-2024-48341

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/doAdminAction.php?act=addShop...

0.00035EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 10:37 a.m.•4 views

CVE-2024-9294

A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection. The attack may be...

6.5CVSS7.4AI score0.00091EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 8:33 a.m.•2 views

CVE-2024-46485

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/doAdminAction.php?act=addCate...

6.3CVSS5.9AI score0.00075EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 8:33 a.m.•3 views

CVE-2024-46600

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/doAdminAction.php?act=delCate=31...

4.7CVSS7.6AI score0.00052EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 8:28 a.m.•3 views

CVE-2024-48758

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code...

6.1CVSS8.3AI score0.00643EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:30 a.m.•4 views

CVE-2024-48291

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/doAdminAction.php?act=editAdmin=17...

6.3CVSS6.5AI score0.0009EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:19 a.m.•4 views

CVE-2024-8302

A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched...

9.8CVSS9.5AI score0.00106EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by