PT-2025-3918 · Unknown · Fanli2012 Native-Php-Cms
Lvzc1 +1 · Published 2025-01-15 · Updated 2025-05-05
CVE-2025-0488
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fanli2012 native-php-cms version 1.0
Description
A critical vulnerability has been found in the product list.php file of Fanli2012 native-php-cms. Manipulation of the cat argument leads to SQL injection. The vulnerability can be exploited remotely, and the exploit has been publicly disclosed.
Recommendations
For Fanli2012 native-php-cms version 1.0, consider restricting access to the product list.php file or blocking manipulation of the cat argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
Special Elements Injection
Affected Products
Fanli2012 Native-Php-Cms