Filtered by vendor Wanli
Subscriptions
Filtered by product Lvzhou Cms
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65877 | 1 Wanli | 1 Lvzhou Cms | 2025-12-04 | 6.5 Medium |
| Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements, enabling attackers to read sensitive data from the database. | ||||
Page 1 of 1.