Critical severity9.8NVD Advisory· Published Apr 15, 2025· Updated Jun 17, 2026
CVE-2025-28100
CVE-2025-28100
Description
A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- dingfanzuCMS/dingfanzuCMSdescription
- Range: =1.0
Patches
Vulnerability mechanics
References
1- github.com/gh3-dk/vul/blob/main/sql%20injection/dingfanzu/dingfanzu-CMS%20operateOrder.php%20id%20SQL-inject.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.