A vulnerability classified as critical was found in Kenj_Frog ???? company-financial-management ???????? 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9 | Exploit Issue Tracking |
| https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9 | Exploit Issue Tracking |
| https://vuldb.com/?ctiid.303517 | Permissions Required VDB Entry |
| https://vuldb.com/?id.303517 | Third Party Advisory VDB Entry |
Configurations
History
08 Apr 2025, 18:54
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9 - Exploit, Issue Tracking | |
| References | () https://vuldb.com/?id.303517 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?ctiid.303517 - Permissions Required, VDB Entry | |
| First Time |
Kennifrog company Financial Management System
Kennifrog |
|
| CPE | cpe:2.3:a:kennifrog:company_financial_management_system:1.0:*:*:*:*:*:*:* | |
| CWE | CWE-89 |
07 Apr 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-74 |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
06 Apr 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-04-06 14:15
Updated : 2025-04-08 18:54
NVD link : CVE-2025-3318
Mitre link : CVE-2025-3318
JSON object : View
Products Affected
kennifrog
- company_financial_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
