Dasinfomedia 厂商漏洞列表 / CVE 中文分析 18

Dasinfomedia 厂商相关 18 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

该厂商专注于企业级软件开发，主要提供各类商业软件解决方案。历史上，其产品常见漏洞类型包括远程代码执行、跨站脚本请求伪造和权限绕过等。根据最新统计，其产品已记录18条CVE漏洞，其中多个被归类为高危级别。安全研究人员曾指出其部分组件存在输入验证不足问题，可能导致未授权访问。建议用户及时更新至最新版本，并实施最小权限原则以降低潜在风险。

上位製品 Dasinfomedia: School Management System for Wordpress WPGYM - Wordpress Gym Management System WPCHURCH

CVEs 18

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2025-31643	WordPress WPCHURCH plugin <= 2.7.0 - Privilege Escalation Vulnerability — WPCHURCHCWE-266	8.8	High	2026-01-07
CVE-2025-31642	WordPress WPCHURCH plugin <= 2.7.0 - Reflected Cross Site Scripting (XSS) vulnerability — WPCHURCHCWE-79	7.1	High	2026-01-06
CVE-2025-7049	WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover — WPGYM - Wordpress Gym Management SystemCWE-639	8.8	High	2025-09-10
CVE-2025-6079	School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload — School Management System for WordpressCWE-434	8.8	High	2025-08-16
CVE-2025-6080	WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation — WPGYM - Wordpress Gym Management SystemCWE-269	8.8	High	2025-08-16
CVE-2025-3671	WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update — WPGYM - Wordpress Gym Management SystemCWE-22	8.8	High	2025-08-16
CVE-2024-12612	School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection — School Management System for WordpressCWE-89	7.5	High	2025-08-16
CVE-2025-3740	School Management System for Wordpress <= 93.1.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update — School Management System for WordpressCWE-22	8.8	High	2025-07-18
CVE-2025-7442	WPGYM - Wordpress Gym Management System < 67.8.0 - Unauthenticated SQL Injection — WPGYM - Wordpress Gym Management SystemCWE-89	7.5	High	2025-07-11
CVE-2024-9658	School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation — School Management System for WordpressCWE-288	8.8	High	2025-03-07
CVE-2024-12609	School Management System for Wordpress <= 92.0.0 - Authenticated (Student+) SQL Injection via 'view-attendance' — School Management System for WordpressCWE-89	6.5	Medium	2025-03-07
CVE-2024-12610	School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — School Management System for WordpressCWE-862	5.3	Medium	2025-03-07
CVE-2024-12611	School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting — School Management System for WordpressCWE-862	5.3	Medium	2025-03-07
CVE-2024-12607	School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task' — School Management System for WordpressCWE-89	6.5	Medium	2025-03-07
CVE-2024-9659	School Management <= 91.5.0 - Unauthenticated Arbitrary File Upload — School Management System for WordpressCWE-434	9.8	Critical	2024-11-23
CVE-2024-9941	WPGYM <= 67.1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — WPGYM - Wordpress Gym Management SystemCWE-269	8.8	High	2024-11-23
CVE-2024-9942	WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload — WPGYM - Wordpress Gym Management SystemCWE-434	9.8	Critical	2024-11-23
CVE-2024-9660	School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload — School Management System for WordpressCWE-434	8.8	High	2024-11-23

本页汇总了 Dasinfomedia 厂商截至目前公开的全部 18 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

Dasinfomedia 厂商漏洞列表 / CVE 中文分析 18

目標達成すべての支援者に感謝 — 100%達成しました！