CVE-2025-3979 – Dazhouda Lcms CSRF Vulnerability

April 27, 2025

CVE ID : CVE-2025-3979

Published : April 27, 2025, 6:15 p.m. | 49 minutes ago

Description : A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3980 – Wowjoy Internet Doctor Workstation System Remote Unauthorized Access Vulnerability

Next Article CVE-2025-3978 – Dazhouda Lcms Information Disclosure Vulnerability

Highlights

CVE-2025-5328 – “Chshcms McCms Remote Path Traversal Vulnerability”

May 29, 2025

CVE ID : CVE-2025-5328

Published : May 29, 2025, 9:15 p.m. | 18 minutes ago

Description : A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-3979 – Dazhouda Lcms CSRF Vulnerability

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

Warning: Discontinued Amazon Cloud Cam Has Vulnerability (CVE-2025-6031), Exposing Your Network

⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More

Smashing Security podcast #417: Hello, Pervert! – Sextortion scams and Discord disasters

iOS and Android juice jacking defenses have been trivial to bypass for years

1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities

CVE-2025-5328 – “Chshcms McCms Remote Path Traversal Vulnerability”

Best Chrome Extensions for Web Designers

InfluxDB Core is a scalable datastore for metrics, events, and real-time analytics

CISA Adds CVE-2025-27363 to KEV Catalog

CVE-2025-3979 – Dazhouda Lcms CSRF Vulnerability

Related Posts