Description

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase votes at a reduced cost. Furthermore, by modifying the zid parameter, attackers can influence purchases made by other users, amplifying the impact. This issue stems from insufficient server-side validation of these parameters, potentially leading to economic loss and unfair manipulation of vote counts.

INFO

Published Date :

2025-11-05T00:00:00.000Z

Last Modified :

2025-11-05T21:01:51.302Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60784 vulnerability.

Vendors Products
Xiaozhangbang
  • Voluntary Like System
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60784.

URL Resource
https://github.com/GoogTech/CVE/blob/master/Incorrect%20Access%20Control/Incorrect-Access-Control-in-XiaozhangBang-Voluntary-Like-System-V8.8.md cve-icon cve-icon
https://github.com/GoogTech/CVE/blob/master/Incorrect-Access-Control-in-XiaozhangBang-Voluntary-Like-System-V8.8.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact