CVE-2025-1821 | zj1983 zz up to 2024-8 ZorgAction.java getUserOrgForUserId userID sql injection

Inserito da Angelo Barbosa | Mar 1, 2025 | CVE

A vulnerability was found in zj1983 zz up to 2024-8 and classified as critical. Affected by this issue is the function getUserOrgForUserId of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userID leads to sql injection.

This vulnerability is handled as CVE-2025-1821. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1821 | zj1983 zz up to 2024-8 ZorgAction.java getUserOrgForUserId userID sql injection

Post correlati

CVE-2024-45622 | ASIS Aplikasi Sistem Sekolah using CodeIgniter up to 3.2.0 index.php username sql injection

CVE-2024-10397 | OpenAFS up to 1.6.24/1.8.12.2/1.9.1 out-of-bounds write

CVE-2023-40156 | Intel SSU Software prior 3.0.0.2 uncontrolled search path (intel-sa-01011)

CVE-2024-38868 | Zoho ManageEngine Endpoint Central prior 11.3.2400.15/11.3.2406.08 authorization