VYPR
Vendor: Dingfanzu

Products: 1
CVEs: 14
Across products: 14
Status: Private

Recent CVEs: 14
  • CVE-2025-28100 | Critical | Apr 15, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows an attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter.

  • CVE-2024-50966 | Critical | Nov 8, 2024
    risk 0.60 | cvss 9.3 | epss 0.00

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.

  • CVE-2024-8301 | High | Aug 29, 2024
    risk 0.48 | cvss 7.3 | epss 0.01

    A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql…

  • CVE-2025-22976 | High | Jan 15, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module.

  • CVE-2025-1544 | Medium | Feb 21, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability, which was classified as critical, was found in dingfanzu CMS up to 20250210. Affected is an unknown function of the file /ajax/loadShopInfo.php. The manipulation of the argument shopId leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2024-48291 | Medium | Oct 28, 2024
    risk 0.41 | cvss 6.3 | epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17

  • CVE-2024-48191 | Medium | Oct 28, 2024
    risk 0.41 | cvss 6.3 | epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17

  • CVE-2024-9294 | Medium | Sep 27, 2024
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection.…

  • CVE-2024-46485 | Medium | Sep 25, 2024
    risk 0.41 | cvss 6.3 | epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate

  • CVE-2024-8303 | Medium | Aug 29, 2024
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulation of the argument username leads to sql injection. It is possible to initiate…

  • CVE-2024-8302 | Medium | Aug 29, 2024
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The…

  • CVE-2024-48758 | Medium | Oct 16, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code

  • CVE-2024-46600 | Medium | Sep 25, 2024
    risk 0.31 | cvss 4.7 | epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31

  • CVE-2024-48341 | Sep 8, 2025
    risk 0.00 | cvss | epss 0.00

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop