CVE-2025-60784

EPSS 0.05% · P16 Updated Nov 06, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-60784

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase votes at a reduced cost. Furthermore, by modifying the zid parameter, attackers can influence purchases made by other users, amplifying the impact. This issue stems from insufficient server-side validation of these parameters, potentially leading to economic loss and unfair manipulation of vote counts.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

XiaozhangBang Voluntary Like System 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

XiaozhangBang Voluntary Like System是中国校长邦（XiaozhangBang）公司的一个点赞软件。 XiaozhangBang Voluntary Like System V8.8版本存在安全漏洞，该漏洞源于对文件/topfirst.php中参数zhekou和zid的服务器端验证不足，可能导致未经授权的折扣操作和投票操纵。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2025-60784

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-60784

请登录查看更多情报信息。

Same Patch Batch · n/a · 2025-11-05 · 20 CVEs total

CVE-2025-57130	8.3 HIGH	ZwiiCMS 安全漏洞
CVE-2025-12745	5.3 MEDIUM	QuickJS quickjs.c js_array_buffer_slice buffer over-read
CVE-2025-56232		GOG Galaxy 安全漏洞
CVE-2025-63334		PocketVJ CP 安全漏洞
CVE-2025-63585		Open Source Social Network 安全漏洞
CVE-2025-63417		SelfBest 安全漏洞
CVE-2025-63418		SelfBest 安全漏洞
CVE-2025-55343		Ecuador Quipux 安全漏洞
CVE-2025-55342		Ecuador Quipux 安全漏洞
CVE-2025-55341		Ecuador Quipux 安全漏洞
CVE-2025-63416		SelfBest 安全漏洞
CVE-2025-56231		Tonec Internet Download Manager 安全漏洞
CVE-2025-63248		DWSurvey 安全漏洞
CVE-2025-57244		OpenKM Community Edition 安全漏洞
CVE-2025-59716		guests 安全漏洞
CVE-2025-61304		Dynatrace ActiveGate 安全漏洞
CVE-2025-63601		Snipe-IT 安全漏洞
CVE-2025-60753		libarchive 安全漏洞
CVE-2025-61084		MDaemon Mail Server 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2025-60784

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-60784

I. Basic Information for CVE-2025-60784

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-60784

III. Intelligence Information for CVE-2025-60784

Same Patch Batch · n/a · 2025-11-05 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-60784

Leave a comment