11 matches found
CVE-2025-60784
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...
CVE-2025-60784
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...
CVE-2025-60784
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...
PT-2025-45162
Name of the Vulnerable Software and Affected Versions XiaozhangBang Voluntary Like System version 8.8 Description A flaw exists in the XiaozhangBang Voluntary Like System version 8.8 that allows remote attackers to manipulate the zhekou parameter within the /topfirst.php Pay module. By sending a...
EUVD-2025-37929
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...
CVE-2025-60784
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...
CVE-2025-60784
Summary : CVE-2025-60784 affects XiaozhangBang Voluntary Like System V8.8. The vulnerable component is the Pay module function in the /topfirst.php endpoint, where the server fails to validate parameters. Impact : remote attackers can set zhekou to an abnormally low value to buy votes at reduced ...
EUVD-2013-3471
Malware in sbrugna...
CVE-2013-3536
SQL injection vulnerability in the gpLoadUserFromHash function in functionshash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter...
phpcms 9.4.2 /phpcms/modules/pay/respond.php 路径泄漏
No description provided by source...
CVE-2013-3536
CVE-2013-3536 describes a SQL injection vulnerability in the Group Pay module (WHMCS) gp_LoadUserFromHash in functions_hash.php for version 1.5 and earlier. The issue allows remote attackers to execute arbitrary SQL commands through the hash parameter, potentially impacting confidentiality, integ...