CVE-2025-8808 – Tianti CSV Injection Vulnerability

August 10, 2025

CVE ID : CVE-2025-8808

Published : Aug. 10, 2025, 12:15 p.m. | 13 hours, 26 minutes ago

Description : A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-8809 – Code-projects Online Medicine Guide SQL Injection Vulnerability

Next Article CVE-2025-8807 – “Xujeff Tianti 天梯 Remote Missing Authorization Vulnerability”

Highlights

CVE-2025-3823 – SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability

April 20, 2025

CVE ID : CVE-2025-3823

Published : April 20, 2025, 11:15 a.m. | 3 hours, 33 minutes ago

Description : A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. The manipulation of the argument txttotalcost/txtproductID/txtprice/txtexpirydate leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-8808 – Tianti CSV Injection Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

This Week in Laravel: React.js, Filament vs Laravel, and Junior Test

Windows 11 25H2 adds official bloatware removal option through Group Policy

Blade Authorization Directives for View Security

CVE-2025-30949 – Telegram Guru Team Site Chat Object Injection Vulnerability

CVE-2025-3823 – SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability

New Reports Uncover Jailbreaks, Unsafe Code, and Data Theft Risks in Leading AI Systems

CVE-2025-5315 – GitLab Guest Role Bypass API Vulnerability (Authentication Bypass)

CVE-2025-5455 – Qt Denial of Service Vulnerability in qDecodeDataUrl Function

CVE-2025-8808 – Tianti CSV Injection Vulnerability

Related Posts