CVE-2025-34038 Information
Jun 26, 2025
cve
Description
A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql type) method reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries potentially exposing sensitive data such as administrator password hashes.
Reference
https://vulncheck.com/advisories/fanwei-ecology-sql-injection https://www.cnblogs.com/0day-li/p/14637680.html https://www.cnvd.org.cn/flaw/show/CNVD-2021-33202 https://www.weaver.com.cn/
Related CNNVD
CNNVD-202506-3026 (Published: 2025-06-24)
Share on: