CVE-2025-1831 | zj1983 zz up to 2024-8 ZorgAction.java GetDBUser user_id sql injection

Inserito da Angelo Barbosa | Mar 1, 2025 | CVE

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument user_id leads to sql injection.

This vulnerability is traded as CVE-2025-1831. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1831 | zj1983 zz up to 2024-8 ZorgAction.java GetDBUser user_id sql injection

Post correlati

CVE-2024-27517 | Webasyst 2.9.9 Blog cross site scripting (Issue 377)

CVE-2024-38481 | Dell iDRAC Service Module up to 5.3.0.0 out-of-bounds (dsa-2024-086)

CVE-2024-21896 | Node.js up to 20.11.0/21.6.1 Experimental Permission Model path traversal

CVE-2024-46818 | Linux Kernel up to 6.10.8 AMD Display gpio_id array index