CVE-2025-0482
The CVE-2025-0482 entry describes a critical vulnerability in Fanli2012 native-php-cms 1.0 affecting an unspecified portion of /fladmin/user_recoverpwd.php. The underlying issue is improper handling in that file, enabling use of default credentials. Attacks can be initiated remotely and the explo...
CVE-2025-0489
CVE-2025-0489 affects Fanli2012 native-php-cms 1.0. The vulnerability resides in /fladmin/friendlink_dodel.php where manipulation of the id parameter leads to SQL injection. The issue can be triggered remotely and public exploit information exists. Affected component: file handling friendlink_dod...
CVE-2025-0483
CVE-2025-0483 affects Fanli2012 native-php-cms 1.0. The vulnerability resides in /fladmin/jump.php, where improper handling of a manipulated message/error parameter enables cross-site scripting. The issue is remotely exploitable, and the exploit has been disclosed publicly. Multiple sources summarize th...
CVE-2025-0490
CVE-2025-0490 affects Fanli2012 native-php-cms 1.0. The issue is in the processing of /fladmin/article_dodel.php, where manipulating the parameter id leads to an SQL injection. This vulnerability can be exploited remotely, and the exploit has been publicly disclosed. Evidence across multiple sour...
CVE-2025-0488
CVE-2025-0488 affects Fanli2012 native-php-cms 1.0, specifically the product_list.php file where manipulation of the cat parameter yields SQL injection. The vulnerability enables remote exploitation; public exploits have been disclosed. Available connected reports corroborate the affected compone...
CVE-2021-36503
CVE-2021-36503 is a SQL injection vulnerability affecting native-php-cms version 1.0. The issue allows remote attackers to execute arbitrary SQL commands by supplying crafted input to the cat parameter of the /list.php endpoint. The CVSS v3.1 base score is 9.8 (CRITICAL) with Network attack vecto...