Aggregator

CVE-2025-1821 | zj1983 zz up to 2024-8 ZorgAction.java getUserOrgForUserId userID sql injection(link is external)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability was found in zj1983 zz up to 2024-8 and classified as critical. Affected by this issue is the function getUserOrgForUserId of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userID leads to sql injection. This vulnerability is handled as CVE-2025-1821. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1820 | zj1983 zz up to 2024-8 ZworkflowAction.java getOaWid tableId sql injection(link is external)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability has been found in zj1983 zz up to 2024-8 and classified as critical. Affected by this vulnerability is the function getOaWid of the file src/main/java/com/futvan/z/system/zworkflow/ZworkflowAction.java. The manipulation of the argument tableId leads to sql injection. This vulnerability is known as CVE-2025-1820. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1819 | Tenda AC7 1200M 15.03.06.44 /goform/telnet TendaTelnet lan_ip os command injection(link is external)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. This vulnerability is traded as CVE-2025-1819. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-1818 | zj1983 zz up to 2024-8 ZfileAction.upload file unrestricted upload(link is external)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argument file leads to unrestricted upload. The identification of this vulnerability is CVE-2025-1818. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1817 | Mini-Tmall up to 20250211 Admin Name /admin cross site scripting(link is external)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-1817. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad