Search

Find a vulnerability

Search criteria

    6 vulnerabilities by mingyuefusu 明月复苏

    CVE-2025-2832 (GCVE-0-2025-2832)

    Vulnerability from nvd – Published: 2025-03-27 03:31 – Updated: 2025-03-27 13:43
    VLAI
    Title
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery
    Summary
    A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery
    • CWE-862 - Missing Authorization
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.301469 vdb-entry
    https://vuldb.com/?ctiid.301469 signaturepermissions-required
    https://vuldb.com/?submit.521460 third-party-advisory
    https://gitee.com/mingyuefusu/tushuguanlixitong/i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694
    Create a notification for this product.
    Credits
    enenen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2832",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T13:43:29.958682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T13:43:33.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
              "versions": [
                {
                  "status": "affected",
                  "version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "enenen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-27T03:31:09.720Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-301469 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.301469"
            },
            {
              "name": "VDB-301469 | CTI Indicators (IOB, IOC)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.301469"
            },
            {
              "name": "Submit #521460 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null Cross-Site Request Forgery",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.521460"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-26T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-26T21:31:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2832",
        "datePublished": "2025-03-27T03:31:09.720Z",
        "dateReserved": "2025-03-26T20:25:58.253Z",
        "dateUpdated": "2025-03-27T13:43:33.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2831 (GCVE-0-2025-2831)

    Vulnerability from nvd – Published: 2025-03-27 03:00 – Updated: 2025-03-27 13:44
    VLAI
    Title
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 bookList getBookList sql injection
    Summary
    A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.301468 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.301468 signaturepermissions-required
    https://vuldb.com/?submit.521458 third-party-advisory
    https://gitee.com/mingyuefusu/tushuguanlixitong/i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694
    Create a notification for this product.
    Credits
    enenen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2831",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T13:44:02.894037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T13:44:06.459Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
              "versions": [
                {
                  "status": "affected",
                  "version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "enenen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1\u0026limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion getBookList der Datei /admin/bookList?page=1\u0026limit=10. Mit der Manipulation des Arguments condition mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-27T03:00:14.303Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-301468 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.301468"
            },
            {
              "name": "VDB-301468 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.301468"
            },
            {
              "name": "Submit #521458 | \u660e\u6708\u590d\u82cf  \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.521458"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-26T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-26T21:30:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2831",
        "datePublished": "2025-03-27T03:00:14.303Z",
        "dateReserved": "2025-03-26T20:25:55.742Z",
        "dateUpdated": "2025-03-27T13:44:06.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2686 (GCVE-0-2025-2686)

    Vulnerability from nvd – Published: 2025-03-24 05:31 – Updated: 2025-03-24 15:24
    VLAI
    Title
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Backend admin doFilter access control
    Summary
    A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.300703 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.300703 signaturepermissions-required
    https://vuldb.com/?submit.521449 third-party-advisory
    https://gitee.com/mingyuefusu/tushuguanlixitong/i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694
    Create a notification for this product.
    Credits
    enenen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2686",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T15:23:50.490317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T15:24:14.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Backend"
              ],
              "product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
              "versions": [
                {
                  "status": "affected",
                  "version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "enenen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion doFilter der Datei /admin/ der Komponente Backend. Durch das Manipulieren des Arguments Request mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.4,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-24T05:31:08.563Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-300703 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf Backend admin doFilter access control",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.300703"
            },
            {
              "name": "VDB-300703 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.300703"
            },
            {
              "name": "Submit #521449 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null Broken Access Control",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.521449"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTS25"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-23T10:22:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf Backend admin doFilter access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2686",
        "datePublished": "2025-03-24T05:31:08.563Z",
        "dateReserved": "2025-03-23T09:17:25.136Z",
        "dateUpdated": "2025-03-24T15:24:14.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2832 (GCVE-0-2025-2832)

    Vulnerability from cvelistv5 – Published: 2025-03-27 03:31 – Updated: 2025-03-27 13:43
    VLAI
    Title
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery
    Summary
    A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery
    • CWE-862 - Missing Authorization
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.301469 vdb-entry
    https://vuldb.com/?ctiid.301469 signaturepermissions-required
    https://vuldb.com/?submit.521460 third-party-advisory
    https://gitee.com/mingyuefusu/tushuguanlixitong/i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694
    Create a notification for this product.
    Credits
    enenen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2832",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T13:43:29.958682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T13:43:33.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
              "versions": [
                {
                  "status": "affected",
                  "version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "enenen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-27T03:31:09.720Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-301469 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.301469"
            },
            {
              "name": "VDB-301469 | CTI Indicators (IOB, IOC)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.301469"
            },
            {
              "name": "Submit #521460 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null Cross-Site Request Forgery",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.521460"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-26T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-26T21:31:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2832",
        "datePublished": "2025-03-27T03:31:09.720Z",
        "dateReserved": "2025-03-26T20:25:58.253Z",
        "dateUpdated": "2025-03-27T13:43:33.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2831 (GCVE-0-2025-2831)

    Vulnerability from cvelistv5 – Published: 2025-03-27 03:00 – Updated: 2025-03-27 13:44
    VLAI
    Title
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 bookList getBookList sql injection
    Summary
    A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.301468 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.301468 signaturepermissions-required
    https://vuldb.com/?submit.521458 third-party-advisory
    https://gitee.com/mingyuefusu/tushuguanlixitong/i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694
    Create a notification for this product.
    Credits
    enenen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2831",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T13:44:02.894037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T13:44:06.459Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
              "versions": [
                {
                  "status": "affected",
                  "version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "enenen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1\u0026limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion getBookList der Datei /admin/bookList?page=1\u0026limit=10. Mit der Manipulation des Arguments condition mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-27T03:00:14.303Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-301468 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.301468"
            },
            {
              "name": "VDB-301468 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.301468"
            },
            {
              "name": "Submit #521458 | \u660e\u6708\u590d\u82cf  \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.521458"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-26T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-26T21:30:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2831",
        "datePublished": "2025-03-27T03:00:14.303Z",
        "dateReserved": "2025-03-26T20:25:55.742Z",
        "dateUpdated": "2025-03-27T13:44:06.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2686 (GCVE-0-2025-2686)

    Vulnerability from cvelistv5 – Published: 2025-03-24 05:31 – Updated: 2025-03-24 15:24
    VLAI
    Title
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Backend admin doFilter access control
    Summary
    A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.300703 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.300703 signaturepermissions-required
    https://vuldb.com/?submit.521449 third-party-advisory
    https://gitee.com/mingyuefusu/tushuguanlixitong/i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Affected: d4836f6b49cd0ac79a4021b15ce99ff7229d4694
    Create a notification for this product.
    Credits
    enenen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2686",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T15:23:50.490317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T15:24:14.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Backend"
              ],
              "product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
              "versions": [
                {
                  "status": "affected",
                  "version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "enenen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion doFilter der Datei /admin/ der Komponente Backend. Durch das Manipulieren des Arguments Request mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.4,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-24T05:31:08.563Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-300703 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf Backend admin doFilter access control",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.300703"
            },
            {
              "name": "VDB-300703 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.300703"
            },
            {
              "name": "Submit #521449 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null Broken Access Control",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.521449"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTS25"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-23T10:22:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf Backend admin doFilter access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2686",
        "datePublished": "2025-03-24T05:31:08.563Z",
        "dateReserved": "2025-03-23T09:17:25.136Z",
        "dateUpdated": "2025-03-24T15:24:14.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }