SQL Injection Vulnerability in dingfanzuCMS by dingfanzu
CVE-2025-28100

Currently unrated

Key Information:

Vendor: dingfanzu
Status: dingfanzuCMS
Vendor: CVE Published:; 15 April 2025

What is CVE-2025-28100?

A SQL injection vulnerability has been identified in dingfanzuCMS version 1.0, which allows attackers to manipulate SQL queries through the 'id' parameter in the operateOrder.php file. This exploitation occurs due to insufficient input sanitation, enabling unauthorized execution of arbitrary SQL commands. Attackers can potentially access sensitive database information or execute harmful code, posing a significant security risk to applications utilizing this version of dingfanzuCMS.

References

https://github.com/gh3-dk/vul/blob/main/sql%20injection/d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 11, 2025