CVE-2025-22976

Name of the Vulnerable Software and Affected Versions dingfanzuCMS version 1.0

Description The issue allows a local attacker to execute arbitrary code due to incorrect filtering of content at the checkOrder.php shopId module. This enables the attacker to perform SQL injection attacks.

Recommendations For dingfanzuCMS version 1.0, as a temporary workaround, consider disabling the checkOrder.php module until a patch is available. Restrict access to the shopId module to minimize the risk of exploitation. Avoid using the shopId parameter in the affected checkOrder.php endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.