CVE-2025-3318 Information

Description

A vulnerability classified as critical was found in Kenj_Frog ???? company-financial-management ???????? 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore version details for affected and updated releases are not available.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Reference

https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9 https://vuldb.com/?ctiid.303517 https://vuldb.com/?id.303517

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

6.3