CNNVD-202509-1855 Information
Sep 14, 2025
cve
CNNVD ID
CNNVD-202509-1855
Related CVE
- CNNVD Published: 2025-09-14
Description (Chinese)
Korzh EasyQuery是Korzh公司的一款查询构建器软件。 Korzh EasyQuery 7.4.0及之前版本存在SQL注入漏洞,该漏洞源于Query Builder UI组件中文件/api/easyquery/models/nwind/fetch处理不当,可能导致SQL注入攻击。
Description (English)
Korzh EasyQuery is a search builder software for Korzh. Korzh EasyQuery 7.4.0 and previous versions had an injection loophole in SQL, which originated from the improper handling of documents/api/easyquery/models/nwind/fetch in the Query Builder UI component, which could lead to an attack on SQL.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
Korzh
Published
2025-09-14
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.323834 https://vuldb.com/?id.323834 https://vuldb.com/?submit.646353 https://access.redhat.com/security/cve/cve-2025-10399
Share on: