CVE-2025-1812 | zj1983 zz up to 2024-08 SuperZ.java GetUserOrg userId sql injection

Inserito da Angelo Barbosa | Mar 1, 2025 | CVE

A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection.

This vulnerability is traded as CVE-2025-1812. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1812 | zj1983 zz up to 2024-08 SuperZ.java GetUserOrg userId sql injection

Post correlati

CVE-2024-28130 | OFFIS DCMTK 3.6.8 createFromImage type conversion (TALOS-2024-1957)

CVE-2024-51379 | JATOS 3.9.3 description cross site scripting

CVE-2024-11667 | Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN up to 5.38 URL path traversal

CVE-2023-47634 | Decidim up to 0.26.8/0.27.4 Endorsement race condition