CVE-2025-3997 – Dazhouda lecms Cross-Site Request Forgery (CSRF) Vulnerability

April 28, 2025

CVE ID : CVE-2025-3997

Published : April 28, 2025, 3:15 a.m. | 5 hours, 13 minutes ago

Description : A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3998 – CodeAstro Membership Management System SQL Injection Vulnerability

Next Article CVE-2025-3706 – 104 Corporation eHRMS Reflected Cross-site Scripting Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-3997 – Dazhouda lecms Cross-Site Request Forgery (CSRF) Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

Datasette is a tool for exploring and publishing data

Classic Outlook for Windows gets smarter with enhanced meeting scheduling

CVE-2025-4814 – Campcodes Sales and Inventory System SQL Injection

Generate videos in Gemini and Whisk with Veo 2

CVE-2025-46241 – Codepeople Appointment Booking Calendar CSRF-Enabled SQL Injection

CVE-2025-21479 – NVIDIA GPU Unauthenticated Command Execution Vulnerability

YouTube app for Xbox, PlayStation, and Smart TVs gets a refreshing update that fixes a frustrating flaw

CVE-2025-4012 – Playeduxyz PlayEdu SSRF Vulnerability

CVE-2025-3997 – Dazhouda lecms Cross-Site Request Forgery (CSRF) Vulnerability

Related Posts