Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase votes at a reduced cost. Furthermore, by modifying the zid parameter, attackers can influence purchases made by other users, amplifying the impact. This issue stems from insufficient server-side validation of these parameters, potentially leading to economic loss and unfair manipulation of vote counts.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XiaozhangBang Voluntary Like System 安全漏洞
Vulnerability Description
XiaozhangBang Voluntary Like System是中国校长邦(XiaozhangBang)公司的一个点赞软件。 XiaozhangBang Voluntary Like System V8.8版本存在安全漏洞,该漏洞源于对文件/topfirst.php中参数zhekou和zid的服务器端验证不足,可能导致未经授权的折扣操作和投票操纵。
CVSS Information
N/A
Vulnerability Type
N/A