Browse all 5 CVE security advisories affecting dingfanzu. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Dingfanzu is a Chinese software vendor primarily focused on developing enterprise collaboration and productivity tools. Historically, their products have been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input validation and improper access controls. Privilege escalation vulnerabilities have also been recurrent in their systems. Security researchers have identified multiple critical vulnerabilities in their platforms, including several that allowed unauthorized access to sensitive data. The vendor has addressed these issues through patches, though the consistent pattern of similar vulnerabilities suggests ongoing challenges in secure development practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1544 | dingfanzu CMS loadShopInfo.php sql injection — CMSCWE-89 | 6.3 | Medium | 2025-02-21 |
| CVE-2024-9294 | dingfanzu CMS saveNewPwd.php sql injection — CMSCWE-89 | 6.3 | Medium | 2024-09-27 |
| CVE-2024-8303 | dingfanzu CMS getBasicInfo.php sql injection — CMSCWE-89 | 6.3 | Medium | 2024-08-29 |
| CVE-2024-8302 | dingfanzu CMS chpwd.php sql injection — CMSCWE-89 | 6.3 | Medium | 2024-08-29 |
| CVE-2024-8301 | dingfanzu CMS checkin.php sql injection — CMSCWE-89 | 7.3 | High | 2024-08-29 |
This page lists every published CVE security advisory associated with dingfanzu. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.