CVE-2025-0558 | TDuckCloud tduck-platform up to 4.0 QueryProThemeRequest.java QueryProThemeRequest color sql injection

A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to sql injection.

This vulnerability was named CVE-2025-0558. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-0558 | TDuckCloud tduck-platform up to 4.0 QueryProThemeRequest.java QueryProThemeRequest color sql injection

Related Posts

CVE-2023-6842 | Formidable Forms Plugin up to 6.7 on WordPress cross site scripting

CVE-2023-49047 | Tenda AX1803 1.0.0.1 formSetDeviceName devName stack-based overflow

CVE-2024-50989 | PHPGurukul Online Marriage Registration System 1.0 /omrs/admin/search.php searchdata sql injection

CVE-2023-6566 | Microweber up to 1.x logic error