6 vulnerabilities found for tushuguanlixitong 图书管理系统 by mingyuefusu 明月复苏
CVE-2025-2832 (GCVE-0-2025-2832)
Vulnerability from nvd – Published: 2025-03-27 03:31 – Updated: 2025-03-27 13:43
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery
Summary
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
Assigner
VulDB
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.301469 | vdb-entry |
| https://vuldb.com/?ctiid.301469 | signature, permissions-required |
| https://vuldb.com/?submit.521460 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploit, issue-tracking |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 | Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694 |
Credits
enenen (VulDB User), reporter
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:43:29.958682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:43:33.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
"vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
"versions": [
{
"status": "affected",
"version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "enenen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:31:09.720Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-301469 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.301469"
},
{
"name": "VDB-301469 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.301469"
},
{
"name": "Submit #521460 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null Cross-Site Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.521460"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-26T21:31:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2832",
"datePublished": "2025-03-27T03:31:09.720Z",
"dateReserved": "2025-03-26T20:25:58.253Z",
"dateUpdated": "2025-03-27T13:43:33.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2831 (GCVE-0-2025-2831)
Vulnerability from nvd – Published: 2025-03-27 03:00 – Updated: 2025-03-27 13:44
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 bookList getBookList sql injection
Summary
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
Assigner
VulDB
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.301468 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.301468 | signature, permissions-required |
| https://vuldb.com/?submit.521458 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploit, issue-tracking |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 | Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694 |
Credits
enenen (VulDB User), reporter
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2831",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:44:02.894037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:44:06.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
"vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
"versions": [
{
"status": "affected",
"version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "enenen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1\u0026limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion getBookList der Datei /admin/bookList?page=1\u0026limit=10. Mit der Manipulation des Arguments condition mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:00:14.303Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-301468 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.301468"
},
{
"name": "VDB-301468 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.301468"
},
{
"name": "Submit #521458 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.521458"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-26T21:30:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2831",
"datePublished": "2025-03-27T03:00:14.303Z",
"dateReserved": "2025-03-26T20:25:55.742Z",
"dateUpdated": "2025-03-27T13:44:06.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2686 (GCVE-0-2025-2686)
Vulnerability from nvd – Published: 2025-03-24 05:31 – Updated: 2025-03-24 15:24
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Backend admin doFilter access control
Summary
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.5 (Medium)
Assigner
VulDB
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.300703 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.300703 | signature, permissions-required |
| https://vuldb.com/?submit.521449 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploit, issue-tracking |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 | Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694 |
Credits
enenen (VulDB User), reporter
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2686",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T15:23:50.490317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T15:24:14.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Backend"
],
"product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
"vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
"versions": [
{
"status": "affected",
"version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "enenen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion doFilter der Datei /admin/ der Komponente Backend. Durch das Manipulieren des Arguments Request mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.4,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T05:31:08.563Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300703 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf Backend admin doFilter access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300703"
},
{
"name": "VDB-300703 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300703"
},
{
"name": "Submit #521449 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null Broken Access Control",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.521449"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTS25"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-23T10:22:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf Backend admin doFilter access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2686",
"datePublished": "2025-03-24T05:31:08.563Z",
"dateReserved": "2025-03-23T09:17:25.136Z",
"dateUpdated": "2025-03-24T15:24:14.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2832 (GCVE-0-2025-2832)
Vulnerability from cvelistv5 – Published: 2025-03-27 03:31 – Updated: 2025-03-27 13:43
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery
Summary
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
Assigner
VulDB
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.301469 | vdb-entry |
| https://vuldb.com/?ctiid.301469 | signature, permissions-required |
| https://vuldb.com/?submit.521460 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploit, issue-tracking |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 | Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694 |
Credits
enenen (VulDB User), reporter
CVE-2025-2831 (GCVE-0-2025-2831)
Vulnerability from cvelistv5 – Published: 2025-03-27 03:00 – Updated: 2025-03-27 13:44
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 bookList getBookList sql injection
Summary
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
Assigner
VulDB
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.301468 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.301468 | signature, permissions-required |
| https://vuldb.com/?submit.521458 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploit, issue-tracking |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 | Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694 |
Credits
enenen (VulDB User), reporter
CVE-2025-2686 (GCVE-0-2025-2686)
Vulnerability from cvelistv5 – Published: 2025-03-24 05:31 – Updated: 2025-03-24 15:24
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Backend admin doFilter access control
Summary
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.5 (Medium)
Assigner
VulDB
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.300703 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.300703 | signature, permissions-required |
| https://vuldb.com/?submit.521449 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploit, issue-tracking |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 | Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694 |
Credits
enenen (VulDB User), reporter