5 matches found
CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...
CVE-2025-65877
Lvzhou CMS prior to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 is vulnerable to SQL injection via the title parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The input is concatenated into a dynamic SQL query without sanitization or prepared statements, enabling reading of se...
CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...
PT-2025-48773
Name of the Vulnerable Software and Affected Versions Lvzhou CMS versions prior to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 Description The software contains a SQL injection flaw due to unsanitized input. Specifically, the title parameter within the...
CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...