CVE-2025-8126

A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS

No CVSS.

References

Link	Resource
https://gitee.com/deerwms/deer-wms-2/issues/ICLQUE
https://gitee.com/deerwms/deer-wms-2/issues/ICLQUE
https://vuldb.com/?ctiid.317511
https://vuldb.com/?id.317511
https://vuldb.com/?submit.619694

Configurations

No configuration.

History

25 Jul 2025, 12:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CWE	CWE-89 CWE-74

25 Jul 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-25 03:15

Updated : 2025-07-25 15:29

NVD link : CVE-2025-8126

Mitre link : CVE-2025-8126

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2025-8126

Attach tags to `CVE-2025-8126`