Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 9, 2025
CVE-2025-65877
CVE-2025-65877
Description
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements, enabling attackers to read sensitive data from the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: < commit c4ea0eb9cab... (before 2025-09-22)
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.