CVE-2025-0392 | Guangzhou Huayi Intelligent Technology Jeewms up to 20241229 graphReportController.do datagridGraph store_code sql injection (IBFK93)

Inserito da Angelo Barbosa | Gen 10, 2025 | CVE

A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection.

This vulnerability is traded as CVE-2025-0392. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-0392 | Guangzhou Huayi Intelligent Technology Jeewms up to 20241229 graphReportController.do datagridGraph store_code sql injection (IBFK93)

Post correlati

CVE-2024-52943 | Veritas Enterprise Vault up to 15.1 HTTP Request cross site scripting (ZDI-CAN-24697)

CVE-2024-4963 | D-Link DAR-7000-40 V31R02B1413C /url/url.php file_upload unrestricted upload (SAP10354)

CVE-2024-52944 | Veritas Enterprise Vault up to 15.1 HTTP Request cross site scripting (ZDI-CAN-24698)

CVE-2024-29824 | Ivanti Endpoint Manager RecordGoodApp sql injection