5 matches found
CVE-2025-0487
The CVE-2025-0487 entry affects Fanli2012 native-php-cms 1.0. The vulnerable component is the file /fladmin/cat_edit.php, where manipulation of the id parameter enables SQL injection. Exploitation is described as possible remotely and publicly disclosed, indicating an active risk. Several connect...
CVE-2025-0491
Fanli2012 native-php-cms 1.0 contains a SQL injection flaw in an unknown function of /fladmin/cat_dodel.php triggered by manipulating the id parameter. The issue is exploitable remotely and an exploit has been disclosed publicly. Several sources list this CVE (CVE-2025-0491) with critical severit...
CVE-2025-0485
CVE-2025-0485 — Fanli2012 native-php-cms 1.0 is affected. An unknown function in /fladmin/sysconfig_doedit.php is susceptible to cross-site scripting via manipulation of the argument info. The vulnerability can be exploited remotely, and the exploit has been disclosed publicly. No remediation det...
CVE-2025-0484
Fanli2012 native-php-cms 1.0 Backend module vulnerability in the file /fladmin/sysconfig_doedit.php allows improper authorization. A remote attacker could exploit this, with public disclosure of the exploit noted in the CVE description. The issue is described across multiple sources (NVD, RHAC, C...
CVE-2025-0486
CVE-2025-0486 affects Fanli2012 native-php-cms 1.0. The vulnerability lies in the /fladmin/login.php file, where manipulating the username parameter enables SQL injection. It is exploitable remotely and has been disclosed publicly. Multiple sources corroborate the issue with high impact across co...