CNNVD-202511-367 Information

Nov 05, 2025 cve

CNNVD ID

CNNVD-202511-367

CVE-2025-60784

CNNVD Published: 2025-11-05

Description (Chinese)

XiaozhangBang Voluntary Like System是中国校长邦（XiaozhangBang）公司的一个点赞软件。 XiaozhangBang Voluntary Like System V8.8版本存在安全漏洞，该漏洞源于对文件/topfirst.php中参数zhekou和zid的服务器端验证不足，可能导致未经授权的折扣操作和投票操纵。

Description (English)

XiaozhangBang Voluntary Like Systems is a complimentary software for the Chinese Rector of Xiaozhang Bang. There is a security loophole in version Xiaozhangbang Voluntary Like System V8.8, which results from inadequate server-end verification of the parameters zhekou and zid in document/topfirst.php, which may lead to unauthorized discount operations and voting manipulation.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

校长邦

Published

2025-11-05

Last Modified

2026-02-24

References

https://github.com/GoogTech/CVE/blob/master/Incorrect%20Access%20Control/Incorrect-Access-Control-in-XiaozhangBang-Voluntary-Like-System-V8.8.md https://github.com/GoogTech/CVE/blob/master/Incorrect-Access-Control-in-XiaozhangBang-Voluntary-Like-System-V8.8.md

Share on: