2 matches found
CVE-2024-9077
The CVE-2024-9077 entry concerns dingfangzu’s Order Checkout component, specifically the scripts/order.js file. The vulnerability is a cross-site scripting issue caused by manipulation of the address-name argument in an unknown function, with remote exploitability and public disclosure. The incid...
CVE-2024-8301
CVE-2024-8301 affects dingfanzu CMS (up to 29d67d9044f6f93378e6eb6ff92272217ff7225c). The vulnerability is a SQL injection in the /ajax/checkin.php endpoint, triggered by manipulating the username parameter. It is exploitable remotely and was disclosed publicly. The supplied documents do not prov...