CVE-2025-60784
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-05

Last updated on: 2025-11-06

Assigner: MITRE

Description
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase votes at a reduced cost. Furthermore, by modifying the zid parameter, attackers can influence purchases made by other users, amplifying the impact. This issue stems from insufficient server-side validation of these parameters, potentially leading to economic loss and unfair manipulation of vote counts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-05
Last Modified
2025-11-06
Generated
2026-06-16
AI Q&A
2025-11-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-60784
EUVD
EUVD-2025-37929
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
xiaozhangbang voluntary_like_system 8.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the XiaozhangBang Voluntary Like System V8.8, where remote attackers can manipulate the 'zhekou' parameter in the /topfirst.php Pay module by sending crafted HTTP POST requests. This allows them to set an abnormally low discount value, enabling unauthorized discounts on purchases. Additionally, by modifying the 'zid' parameter, attackers can affect purchases made by other users. The root cause is insufficient server-side validation of these parameters.

Impact Analysis

The vulnerability can lead to economic loss due to unauthorized discounts and unfair manipulation of vote counts. Attackers can purchase votes at reduced costs and influence other users' purchases, potentially undermining the integrity of the voting system and causing financial damage.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60784. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart