CNNVD-202511-1390 Information

CNNVD ID

CNNVD-202511-1390

Related CVE

CVE-2025-56385

• CNNVD Published: 2025-11-12

Description (Chinese)

WellSky Harmony是美国WellSky公司的一个一体化服务管理平台。 WellSky Harmony 4.1.0.2.83版本存在安全漏洞，该漏洞源于xmHarmony.asp端点中TXTUSERID参数清理不当，可能导致SQL注入攻击。

Description (English)

WellSky Harmony is an integrated service management platform for WellSky in the United States. WellSky Harmony version 4.1.02.83 contains a security loophole, which stems from the inappropriate clean-up of TXTUSERID parameters at xmHarmony.asp end point, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WellSky

Published

2025-11-12

Last Modified

2026-02-24

References

http://harmony.com http://wellsky.com https://machevalia.blog/blog/cve-2025-56385-wellsky-harmony-sql-injection https://access.redhat.com/security/cve/cve-2025-56385