CVE-2025-5170 | llisoft MTA Maita Training System 4.5 AdminShitiController.java AdminShitiListRequestVo stTypeIds sql injection

Inserito da Angelo Barbosa | Mag 25, 2025 | CVE

A vulnerability classified as critical was found in llisoft MTA Maita Training System 4.5. This vulnerability affects the function AdminShitiListRequestVo of the file comllisoftcontrolleradminshitiAdminShitiController.java. The manipulation of the argument stTypeIds leads to sql injection.

This vulnerability was named CVE-2025-5170. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5170 | llisoft MTA Maita Training System 4.5 AdminShitiController.java AdminShitiListRequestVo stTypeIds sql injection

Post correlati

CVE-2022-49052 | Linux Kernel up to 4.19.241/5.4.192/5.10.111/5.15.34/5.17.3 memory allocation

CVE-2024-57916 | Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6 GPIO IRQ generic_handle_irq denial of service

CVE-2025-22891 | F5 BIG-IP up to 16.1.4/17.1.1 Diameter Endpoint release of resource (K000139778)

CVE-2024-1533 | Averta Shortcodes and Extra Features for Phlox Theme up to 2.15.5 on WordPress cross site scripting