PT-2025-48773 · Unknown · Lvzhou Cms
Wu Xiaoran · Published 2025-12-02 · Updated 2025-12-09 · CVE-2025-65877
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Lvzhou CMS versions prior to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22)
Description
The software contains a SQL injection flaw due to unsanitized input. Specifically, the title parameter within the com.wanli.lvzhoucms.service.ContentService#findPage function is directly incorporated into a dynamic SQL query without proper sanitization or the use of prepared statements. This allows attackers to potentially read sensitive data from the database. The vulnerable parameter is title.
Recommendations
Update Lvzhou CMS to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) or a later version.
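For teams reviewing similar search code, the flaw class described above can be reproduced side by side with its fix. The following is an added example, not code from Lvzhou CMS or from this advisory: it uses Python with an in-memory SQLite database as a runnable stand-in for the Java service, and the table, columns, function names and sample rows are all assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    db.executemany("INSERT INTO content (title, status) VALUES (?, ?)", [
        ("Spring release notes", "published"),
        ("Summer 100% sale", "published"),
        ("Unreleased roadmap", "draft"),
    ])
    return db

def find_page_concat(db, title, page=1, size=10):
    # "Before" pattern from the description: title becomes part of the SQL text.
    sql = ("SELECT id, title FROM content WHERE status = 'published' "
           "AND title LIKE '%" + title + "%' ORDER BY id "
           f"LIMIT {int(size)} OFFSET {(int(page) - 1) * int(size)}")
    return db.execute(sql).fetchall()

def escape_like(value, esc="\\"):
    # Make the LIKE wildcards (% and _) and the escape character itself literal.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def find_page_bound(db, title, page=1, size=10):
    # Hardened pattern: constant SQL text; title, limit and offset are bound values.
    size = max(1, min(int(size), 100))
    offset = (max(1, int(page)) - 1) * size
    sql = ("SELECT id, title FROM content WHERE status = 'published' "
           "AND title LIKE ? ESCAPE '\\' ORDER BY id LIMIT ? OFFSET ?")
    return db.execute(sql, (f"%{escape_like(title)}%", size, offset)).fetchall()

def reaches_sql_parser(db, title):
    # A title with an apostrophe breaks the concatenated statement, which shows
    # the value is being parsed as SQL rather than handled as data.
    try:
        find_page_concat(db, title)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    print(reaches_sql_parser(db, "O'Brien"))   # concatenated query fails to parse
    print(find_page_bound(db, "O'Brien"))      # bound query just finds no match
    print(find_page_bound(db, "100%"))         # % is matched literally
```

An ordinary apostrophe in a search term is enough to tell the two patterns apart, which makes it a safe regression test for any title filter.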
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Lvzhou Cms