15 matches found
CVE-2025-7936
The CVE-2025-7936 entry affects the fuyang_lipengjun platform, specifically the ScheduleJobLogController.java in the queryPage function. The root cause is manipulation of the beanName/methodName argument, enabling SQL injection via a remote attack. Multiple trusted sources note that the exploit h...
CVE-2025-9936
CVE-2025-9936 affects fuyang_lipengjun platform 1.0.0, specifically the AdController function in /ad/queryAll. The root cause is improper authorization allowing remote exploitation. Multiple sources (NVD, Red Hat, CNVD, CVE listings) describe a remotely executable issue with a publicly available ...
CVE-2025-10675
CVE-2025-10675 affects fuyang_lipengjun platform 1.0, specifically the AttributeController handling /attribute/queryAll. The underlying issue is improper authorization in the AttributeController, enabling remote exploitation. Public exploit is reported across sources, indicating active risk. Conn...
CVE-2025-10676
The CVE-2025-10676 entry concerns the fuyang_lipengjun platform 1.0, specifically the BrandController function in /brand/queryAll. The connected documents describe an improper authorization vulnerability that can be exploited remotely, with publicly available exploit code. The issue affects the B...
CVE-2025-10820
CVE-2025-10820 affects the fuyang_lipengjun platform 1.0, specifically the TopicController function in /topic/queryAll. The vulnerability results from improper authorization, enabling remote exploitation. Public exploits exist, and multiple sources (Red Hat, CVEs and vulnerability trackers) corro...
CVE-2025-10821
CVE-2025-10821 affects fuyang_lipengjun platform 1.0. The vulnerable element is TopicCategoryController in /topiccategory/queryAll, causing improper authorization. This allows remote attacks; exploits have been published and may be used. According to provided metrics, CVSS details indicate MEDIUM...
CVE-2025-7934
CVE-2025-7934 affects the fuyang_lipengjun platform, specifically the ScheduleJobController.queryPage function in platform-schedule/src/main/java/com/platform/controller/ScheduleJobController.java. The root cause is manipulation of the beanName argument, which leads to a SQL injection vulnerabili...
CVE-2025-10674
CVE-2025-10674 affects the fuyang_lipengjun platform v1.0, specifically the AttributeCategoryController at /attributecategory/queryAll. The vulnerability is described as improper authorization that can be exploited remotely, with public exploit material available. Connected sources corroborate th...
CVE-2025-10822
CVE-2025-10822 affects the fuyang_lipengjun platform version 1.0, specifically the SysSmsLogController in /sys/smslog/queryAll. The root cause is improper authorization, allowing potential remote exploitation. Public disclosures exist and exploit maturity is noted as PROOF-OF-CONCEPT in some sour...
CVE-2025-10819
The CVE-2025-10819 entry affects the fuyang_lipengjun platform 1.0, specifically the UserCouponController function in /usercoupon/queryAll. The root cause is improper authorization, enabling remote exploitation. Public exploit details are present in the records, with CVSS data indicating medium s...
CVE-2025-10086
CVE-2025-10086 affects fuyang_lipengjun platform 1.0.0. The vulnerability is in the AdPositionController's /adposition/queryAll function, causing improper authorization. It can be triggered remotely and exploitable publicly; CVSS data suggests MEDIUM impact with network access and low privileges ...
CVE-2025-7935
The CVE-2025-7935 entry concerns the fuyang_lipengjun platform, specifically the SysLogController.java in platform-admin/src/main/java/com/platform/controller. The root cause is manipulation of the argument key that enables SQL injection, with remote exploitation reported. Public disclosure of th...
CVE-2025-57213
CVE-2025-57213 affects platform v1.0.0. The vulnerability arises from incorrect access control in the component orderService.queryObject, enabling an attacker to access sensitive information via a crafted request. Current documents do not specify the affected software family beyond platform v1.0....
CVE-2025-57210
CVE-2025-57210 affects platform v1.0.0 due to incorrect access control in the ApiPayController.java component. The Red Hat/CNNVD/NVD-family entries corroborate a vulnerability allowing access to sensitive information via unspecified vectors. The NVD/CVE metrics indicate a high-severity issue (CVS...
CVE-2025-57212
CVE-2025-57212 affects platform v1.0.0 in the ApiOrderService.java component, where improper access control may allow an attacker to disclose sensitive information via a crafted request. Evidence across multiple sources confirms the same description without additional exploit details. The vulnera...