16 matches found
CVE-2026-3741
A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/DfriendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...
CVE-2025-3369
A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /novel/friendLink/list. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been...
PT-2025-3919 · Fanli2012 · Native-Php-Cms
Name of the Vulnerable Software and Affected Versions: Fanli2012 native-php-cms version 1.0 Description: A critical vulnerability was found in the file /fladmin/friendlink dodel.php, where the manipulation of the id argument leads to SQL injection. The attack can be initiated remotely. The exploi...
native-php-cms security vulnerability
native-php-cms is a website builder system for FLi individual developers. A security vulnerability exists in version 1.0 of native-php-cms, which stems from a parameter id in the file /fladmin/friendlinkdodel.php that can lead to SQL injection...
CVE-2024-52769
An arbitrary file upload vulnerability in the component /admin/friendlinkedit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-52769
CVE-2024-52769 affects DedeBIZ v6.3.0 with an arbitrary file upload vulnerability in the /admin/friendlink_edit endpoint (also referenced as /admin/friendlink edit). Exploitation allows attackers to execute arbitrary code via a crafted file. The NVD entry cites CVSSv3.1: AV:N/AC:L/PR:H/UI:N/S:U/C...
CVE-2024-11138
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlinkadd.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
PT-2024-16783 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A vulnerability has been found in DedeCMS, affecting the file /dede/uploads/dede/friendlink add.php. The manipulation of the logoimg argument leads to unrestricted upload. It is possible to initiate the...
CVE-2024-2821
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlinkedit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The...
PT-2024-22336 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic issue has been found in DedeCMS, affecting some unknown functionality of the file /src/dede/friendlink edit.php. The manipulation of the id argument leads to cross-site request forgery. The attac...
CVE-2020-20946
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add...
Cross site scripting
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add...
CVE-2020-20946
CVE-2020-20946 affects Qibosoft v7 (CMS) with a stored XSS vulnerability in the admin path /admin/index.php?lfj=friendlink&action=add. The root cause is input data not validated in the friendlink/add handler, enabling injected client-side script execution. CVSS metrics indicate a Low to Medium ov...
Qibosoft cross-site scripting vulnerability
Qibosoft is a content management system (CMS) from Qibosoft, China. Qibosoft has a cross-site scripting vulnerability that originates in the /admin/index.php?lfj=friendlink&action=add link of the admin component of the product. The vulnerability is caused by the...
SQL Injection Vulnerability in phpaaCMS v0.5 admin/friendlink.add.php Page
phpaaCMS is a simple article management system. A SQL injection vulnerability exists in the admin/friendlink.add.php page of phpaaCMS v0.5, which can be exploited by attackers to obtain sensitive information from the database...
SQL injection vulnerability in phpaaCMS friendlink.action.php page
phpaaCMS is a simple article management system. A SQL injection vulnerability exists in the friendlink.action.php page of phpaaCMS v0.5, which can be exploited by attackers to obtain sensitive information about the database...