CVE-2025-62422 | DataEase up to 2.10.13 Interface tableField tableName sql injection (GHSA-54m5-xrw4-mv36)

Inserito da Angelo Barbosa | Ott 18, 2025 | CVE

A vulnerability was found in DataEase up to 2.10.13 and classified as critical. The impacted element is an unknown function of the file /de2api/datasetData/tableField of the component Interface. The manipulation of the argument tableName results in sql injection.

This vulnerability is reported as CVE-2025-62422. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.

CVE-2025-62422 | DataEase up to 2.10.13 Interface tableField tableName sql injection (GHSA-54m5-xrw4-mv36)

Post correlati

CVE-2024-37002 | Autodesk AutoCAD MODEL File Parser uninitialized pointer

CVE-2024-31114 | biplob018 Shortcode Addons Plugin up to 3.2.5 on WordPress unrestricted upload

CVE-2025-23684 | Eugen Bobrowski Debug Tool Plugin up to 2.2 on WordPress authorization

CVE-2025-43210 | Apple macOS MediaToolbox Framework memory corruption