CVE-2025-14780 | Xiongwei Smart Catering Cloud Platform 2.1.6446.28761 dish_trade_detail_get filter sql injection

Inserito da Angelo Barbosa | Dic 16, 2025 | CVE

A vulnerability was found in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761 and classified as critical. The affected element is an unknown function of the file /dishtrade/dish_trade_detail_get. The manipulation of the argument filter results in sql injection.

This vulnerability is identified as CVE-2025-14780. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2025-14780 | Xiongwei Smart Catering Cloud Platform 2.1.6446.28761 dish_trade_detail_get filter sql injection

Post correlati

CVE-2025-8878 | ProfilePress Plugin up to 4.16.4 on WordPress Shortcode Remote Code Execution

CVE-2024-1786 | D-Link DIR-600M C1 3.08 Telnet Service username buffer overflow

CVE-2024-21855 | GoCast 1.1.3 HTTP API missing authentication (TALOS-2024-1962)

CVE-2024-7583 | Tenda i22 1.0.0.3(4687) apPortalOneKeyAuth formApPortalOneKeyAuth data buffer overflow