Description

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements, enabling attackers to read sensitive data from the database.

INFO

Published Date :

2025-12-02T00:00:00.000Z

Last Modified :

2025-12-09T17:01:57.558Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65877 vulnerability.

Vendors Products
Wanli
  • Lvzhou Cms
Wanliofficial
  • Lvzhou Cms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65877.

URL Resource
https://github.com/W000i/vuln/issues/1 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact