CVE-2025-47815 - GNU PSPP Heap-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-47815
Published : May 10, 2025, 10:15 p.m. | 47 minutes ago
Description : libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47815
Published : May 10, 2025, 10:15 p.m. | 47 minutes ago
Description : libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47816 - GNU PSPP XML Processing Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-47816
Published : May 10, 2025, 10:15 p.m. | 47 minutes ago
Description : libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47816
Published : May 10, 2025, 10:15 p.m. | 47 minutes ago
Description : libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47817 - BlueWave Checkmate Role Parameter Injection Vulnerability
CVE ID : CVE-2025-47817
Published : May 10, 2025, 10:15 p.m. | 47 minutes ago
Description : In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47817
Published : May 10, 2025, 10:15 p.m. | 47 minutes ago
Description : In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4525 - Discord WINSTA.dll Uncontrolled Search Path Vulnerability
CVE ID : CVE-2025-4525
Published : May 10, 2025, 11:15 p.m. | 3 hours, 46 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4525
Published : May 10, 2025, 11:15 p.m. | 3 hours, 46 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4526 - Dígitro NGC Explorer Password Field Masking Vulnerability
CVE ID : CVE-2025-4526
Published : May 11, 2025, 1:15 a.m. | 1 hour, 46 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Dígitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4526
Published : May 11, 2025, 1:15 a.m. | 1 hour, 46 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Dígitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47828 - Lumi H5P Nodejs Library HTML Injection Vulnerability
CVE ID : CVE-2025-47828
Published : May 11, 2025, 3:15 a.m. | 3 hours, 48 minutes ago
Description : Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47828
Published : May 11, 2025, 3:15 a.m. | 3 hours, 48 minutes ago
Description : Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4527 - Dígitro NGC Explorer Remote Code Execution Vulnerability
CVE ID : CVE-2025-4527
Published : May 11, 2025, 3:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4527
Published : May 11, 2025, 3:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4528 - Dígitro NGC Explorer Remote Session Expiration Vulnerability
CVE ID : CVE-2025-4528
Published : May 11, 2025, 3:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability was found in Dígitro NGC Explorer up to 3.44.15 and classified as problematic. This issue affects some unknown processing. The manipulation leads to session expiration. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4528
Published : May 11, 2025, 3:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability was found in Dígitro NGC Explorer up to 3.44.15 and classified as problematic. This issue affects some unknown processing. The manipulation leads to session expiration. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4529 - Seeyon Zhiyuan OA Web Application System Path Traversal Vulnerability
CVE ID : CVE-2025-4529
Published : May 11, 2025, 4:15 a.m. | 2 hours, 49 minutes ago
Description : A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\WEB-INF\lib\seeyon-apps-m3.jar!\com\seeyon\apps\m3\core\controller\M3CoreController.class of the component ZIP File Handler. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4529
Published : May 11, 2025, 4:15 a.m. | 2 hours, 49 minutes ago
Description : A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\WEB-INF\lib\seeyon-apps-m3.jar!\com\seeyon\apps\m3\core\controller\M3CoreController.class of the component ZIP File Handler. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4530 - Feng Ha Ha Megagao SSM-ERP/Production SSM Path Traversal Vulnerability
CVE ID : CVE-2025-4530
Published : May 11, 2025, 5:15 a.m. | 1 hour, 49 minutes ago
Description : A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4530
Published : May 11, 2025, 5:15 a.m. | 1 hour, 49 minutes ago
Description : A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4531 - Seeyon Zhiyuan OA Web Application System Remote Code Injection Vulnerability
CVE ID : CVE-2025-4531
Published : May 11, 2025, 6:15 a.m. | 49 minutes ago
Description : A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component Beetl Template Handler. The manipulation of the argument payrollId leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4531
Published : May 11, 2025, 6:15 a.m. | 49 minutes ago
Description : A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component Beetl Template Handler. The manipulation of the argument payrollId leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4532 - Shanghai Bairui Information Technology SunloginClient DLL Search Path Vulnerability (Uncontrolled Search Path)
CVE ID : CVE-2025-4532
Published : May 11, 2025, 6:15 a.m. | 49 minutes ago
Description : A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4532
Published : May 11, 2025, 6:15 a.m. | 49 minutes ago
Description : A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4533 - JeecgBoot Document Library Upload Remote Resource Consumption Vulnerability
CVE ID : CVE-2025-4533
Published : May 11, 2025, 7:15 a.m. | 3 hours, 49 minutes ago
Description : A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4533
Published : May 11, 2025, 7:15 a.m. | 3 hours, 49 minutes ago
Description : A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4534 - SunGrow Logger1000 Remote Weak Password Requirements Vulnerability
CVE ID : CVE-2025-4534
Published : May 11, 2025, 8:15 a.m. | 2 hours, 49 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4534
Published : May 11, 2025, 8:15 a.m. | 2 hours, 49 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4535 - Gosuncn Technology Group Audio-Visual Integrated Management Platform Remote Configuration File Handler Information Disclosure
CVE ID : CVE-2025-4535
Published : May 11, 2025, 8:15 a.m. | 2 hours, 49 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4535
Published : May 11, 2025, 8:15 a.m. | 2 hours, 49 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4536 - Gosuncn Technology Group Audio-Visual Integrated Management Platform Remote Information Disclosure
CVE ID : CVE-2025-4536
Published : May 11, 2025, 9:15 a.m. | 1 hour, 49 minutes ago
Description : A vulnerability has been found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmgr/user/listByPage. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4536
Published : May 11, 2025, 9:15 a.m. | 1 hour, 49 minutes ago
Description : A vulnerability has been found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmgr/user/listByPage. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4537 - RuoYi-Vue Cleartext Storage of Sensitive Information in Cookie
CVE ID : CVE-2025-4537
Published : May 11, 2025, 10:15 a.m. | 49 minutes ago
Description : A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4537
Published : May 11, 2025, 10:15 a.m. | 49 minutes ago
Description : A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4538 - KKFileView Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-4538
Published : May 11, 2025, 11:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4538
Published : May 11, 2025, 11:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4539 - Hainan ToDesk DLL File Parser Uncontrolled Search Path Vulnerability
CVE ID : CVE-2025-4539
Published : May 11, 2025, 11:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4539
Published : May 11, 2025, 11:15 a.m. | 3 hours, 48 minutes ago
Description : A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4540 - MTSoftware C-Lodop Unquoted Search Path Vulnerability
CVE ID : CVE-2025-4540
Published : May 11, 2025, 4:15 p.m. | 2 hours, 48 minutes ago
Description : A vulnerability was found in MTSoftware C-Lodop 6.6.1.1. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 6.6.13 is able to address this issue. It is recommended to upgrade the affected component.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4540
Published : May 11, 2025, 4:15 p.m. | 2 hours, 48 minutes ago
Description : A vulnerability was found in MTSoftware C-Lodop 6.6.1.1. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 6.6.13 is able to address this issue. It is recommended to upgrade the affected component.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4541 - LmxCMS SQL Injection Vulnerability
CVE ID : CVE-2025-4541
Published : May 11, 2025, 4:15 p.m. | 2 hours, 48 minutes ago
Description : A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4541
Published : May 11, 2025, 4:15 p.m. | 2 hours, 48 minutes ago
Description : A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...