A vulnerability classified as critical was found in Kenj_Frog ???? company-financial-management ???????? 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9 | Exploit Issue Tracking |
| https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9 | Exploit Issue Tracking |
| https://vuldb.com/?ctiid.303517 | Permissions Required VDB Entry |
| https://vuldb.com/?id.303517 | Third Party Advisory VDB Entry |
Configurations
History
08 Apr 2025, 18:54
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Kennifrog company Financial Management System
Kennifrog |
|
| CPE | cpe:2.3:a:kennifrog:company_financial_management_system:1.0:*:*:*:*:*:*:* | |
| CWE | CWE-89 | |
| References | () https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9 - Exploit, Issue Tracking | |
| References | () https://vuldb.com/?id.303517 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?ctiid.303517 - Permissions Required, VDB Entry |
07 Apr 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-74 |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
06 Apr 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-04-06 14:15
Updated : 2025-04-08 18:54
NVD link : CVE-2025-3318
Mitre link : CVE-2025-3318
JSON object : View
Products Affected
kennifrog
- company_financial_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')