CVE-2024-57765

High CVSS: 7.5

MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.

Vendor

Product

CWE

Yayın Tarihi

2025-01-15 00:15:34

Güncelleme

2025-04-10 15:37:47

Source Identifier

cve@mitre.org

KEV Date Added

CWE-89 Mysiteforme HIGH Wangl1989 2025

https://gitee.com/wanglingxiao/mysiteforme/issues/IBFVK9

Critical

CVE-2025-26136

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.

Critical

CVE-2024-57763

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

Critical

CVE-2024-57764

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

Critical

CVE-2024-57766

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

High

CVE-2024-57767

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.

High

CVE-2024-57762

MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.