CVE-2025-5433 | Fengoffice Feng Office 3.5.1.5 index.php?c=account&a=set_timezone tz_offset sql injection

Inserito da Angelo Barbosa | Giu 1, 2025 | CVE

A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection.

This vulnerability is handled as CVE-2025-5433. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5433 | Fengoffice Feng Office 3.5.1.5 index.php?c=account&a=set_timezone tz_offset sql injection

Post correlati

CVE-2024-8991 | OSM Plugin up to 6.1.0 on WordPress Shortcode osm_map/osm_map_v3 cross site scripting

CVE-2022-4975 | Red Hat Advanced Cluster Security Portal /main/configmanagement/ cross site scripting

CVE-2024-8210 | D-Link DNS-1550-04 up to 20240814 /cgi-bin/hd_config.cgi sprintf f_mount command injection (SAP10383)

CVE-2023-45289 | net-http-cookiejar up to 1.21.7/1.22.0 on Go HTTP Header information disclosure