Medium severity4.7NVD Advisory· Published Nov 7, 2025· Updated Apr 29, 2026
CVE-2025-12860
CVE-2025-12860
Description
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Affected products
2Patches
Vulnerability mechanics
References
4- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- github.com/ZZCTD/zz_test/issues/2nvdBroken Link
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.