Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by mingyuefusu
CVE-2025-2832 (GCVE-0-2025-2832)
Vulnerability from nvd – Published: 2025-03-27 03:31 – Updated: 2025-03-27 13:43
VLAI
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery
Summary
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.301469 | vdb-entry |
| https://vuldb.com/?ctiid.301469 | signaturepermissions-required |
| https://vuldb.com/?submit.521460 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 |
Affected:
d4836f6b49cd0ac79a4021b15ce99ff7229d4694
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:43:29.958682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:43:33.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
"vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
"versions": [
{
"status": "affected",
"version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "enenen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:31:09.720Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-301469 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.301469"
},
{
"name": "VDB-301469 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.301469"
},
{
"name": "Submit #521460 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null Cross-Site Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.521460"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-26T21:31:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2832",
"datePublished": "2025-03-27T03:31:09.720Z",
"dateReserved": "2025-03-26T20:25:58.253Z",
"dateUpdated": "2025-03-27T13:43:33.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2831 (GCVE-0-2025-2831)
Vulnerability from nvd – Published: 2025-03-27 03:00 – Updated: 2025-03-27 13:44
VLAI
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 bookList getBookList sql injection
Summary
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.301468 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.301468 | signaturepermissions-required |
| https://vuldb.com/?submit.521458 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 |
Affected:
d4836f6b49cd0ac79a4021b15ce99ff7229d4694
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2831",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:44:02.894037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:44:06.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
"vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
"versions": [
{
"status": "affected",
"version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "enenen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1\u0026limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion getBookList der Datei /admin/bookList?page=1\u0026limit=10. Mit der Manipulation des Arguments condition mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:00:14.303Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-301468 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.301468"
},
{
"name": "VDB-301468 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.301468"
},
{
"name": "Submit #521458 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.521458"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-26T21:30:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2831",
"datePublished": "2025-03-27T03:00:14.303Z",
"dateReserved": "2025-03-26T20:25:55.742Z",
"dateUpdated": "2025-03-27T13:44:06.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2832 (GCVE-0-2025-2832)
Vulnerability from cvelistv5 – Published: 2025-03-27 03:31 – Updated: 2025-03-27 13:43
VLAI
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery
Summary
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.301469 | vdb-entry |
| https://vuldb.com/?ctiid.301469 | signaturepermissions-required |
| https://vuldb.com/?submit.521460 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 |
Affected:
d4836f6b49cd0ac79a4021b15ce99ff7229d4694
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:43:29.958682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:43:33.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
"vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
"versions": [
{
"status": "affected",
"version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "enenen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:31:09.720Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-301469 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.301469"
},
{
"name": "VDB-301469 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.301469"
},
{
"name": "Submit #521460 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null Cross-Site Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.521460"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-26T21:31:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf cross-site request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2832",
"datePublished": "2025-03-27T03:31:09.720Z",
"dateReserved": "2025-03-26T20:25:58.253Z",
"dateUpdated": "2025-03-27T13:43:33.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2831 (GCVE-0-2025-2831)
Vulnerability from cvelistv5 – Published: 2025-03-27 03:00 – Updated: 2025-03-27 13:44
VLAI
Title
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 bookList getBookList sql injection
Summary
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.301468 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.301468 | signaturepermissions-required |
| https://vuldb.com/?submit.521458 | third-party-advisory |
| https://gitee.com/mingyuefusu/tushuguanlixitong/i… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mingyuefusu 明月复苏 | tushuguanlixitong 图书管理系统 |
Affected:
d4836f6b49cd0ac79a4021b15ce99ff7229d4694
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2831",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:44:02.894037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T13:44:06.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf",
"vendor": "mingyuefusu \u660e\u6708\u590d\u82cf",
"versions": [
{
"status": "affected",
"version": "d4836f6b49cd0ac79a4021b15ce99ff7229d4694"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "enenen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1\u0026limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bis d4836f6b49cd0ac79a4021b15ce99ff7229d4694 wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion getBookList der Datei /admin/bookList?page=1\u0026limit=10. Mit der Manipulation des Arguments condition mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:00:14.303Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-301468 | mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.301468"
},
{
"name": "VDB-301468 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.301468"
},
{
"name": "Submit #521458 | \u660e\u6708\u590d\u82cf \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf null SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.521458"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-26T21:30:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf bookList getBookList sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2831",
"datePublished": "2025-03-27T03:00:14.303Z",
"dateReserved": "2025-03-26T20:25:55.742Z",
"dateUpdated": "2025-03-27T13:44:06.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}