CVE-2025-26136

Critical CVSS: 9.8

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.

Vendor

Product

CWE

Yayın Tarihi

2025-03-04 21:15:13

Güncelleme

2025-06-24 00:54:20

Source Identifier

cve@mitre.org

KEV Date Added

CWE-89 Mysiteforme CRITICAL Wangl1989 2025

https://gist.github.com/xiadmin6/6d664692d31a04eb59096a488b9f3712

Critical

CVE-2024-57763

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

Critical

CVE-2024-57764

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

High

CVE-2024-57765

MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.

Critical

CVE-2024-57766

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

High

CVE-2024-57767

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.

High

CVE-2024-57762

MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.