CNNVD-202512-826 Information

Dec 07, 2025 cve

CNNVD ID

CNNVD-202512-826

CVE-2025-14190

CNNVD Published: 2025-12-07

Description (Chinese)

Chanjet TPlus是中国畅捷通（Chanjet）公司的一个企业云平台。 Chanjet TPlus 20251121及之前版本存在SQL注入漏洞，该漏洞源于对文件/tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load中参数currentAccId的错误操作，可能导致SQL注入。

Description (English)

Chanjet Tulus is a business cloud platform for Chanjet Corporation in China. Chanjet TPLs 20255121 and previous versions had an injection loophole in SQL, which stemmed from an error in the use of the parameters currentAccId in document /tplus/ajaxpro/Ufida.T.UM.UIP.MultiCommanySettingController, Ufida.T.SMP.ashx?method=Load, which could lead to SQL injection.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

畅捷通

Published

2025-12-07

Last Modified

2026-02-24

References

https://github.com/hacker-routing/Changjetong-T-/issues/1 https://vuldb.com/?ctiid.334610 https://github.com/hacker-routing/Changjetong-T-/issues/1#issue-3646765351 https://vuldb.com/?id.334610 https://vuldb.com/?submit.699144 https://access.redhat.com/security/cve/cve-2025-14190

Share on: