Lucene search
K

8 matches found

Nuclei
Nuclei
added 2026/02/04 7:0 a.m.10 views

Fanwei e-cology - SQL Injection

Fanwei e-cology 8.0 contains a sql injection caused by unsanitized user input in the sql parameter of getdata.jsp, letting unauthenticated attackers execute arbitrary SQL queries and access sensitive data. id: CVE-2025-34038 info: name: Fanwei e-cology - SQL Injection author: ritikchaddha severit...

8.7CVSS8.3AI score0.01837EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19038

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.01837EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/06/26 3:12 a.m.9 views

CVE-2025-34038

A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIdssql, type method, reachable through the cmd=getSelectAllId workflow in the...

8.7CVSS6.2AI score0.01837EPSS
Exploits1References1
NVD
NVD
added 2025/06/24 2:15 a.m.7 views

CVE-2025-34038

A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIdssql, type method, reachable through the cmd=getSelectAllId workflow in the...

8.7CVSS0.01837EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/06/24 1:6 a.m.6 views

CVE-2025-34038 Weaver E-cology SQL Injection

A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIdssql, type method, reachable through the cmd=getSelectAllId workflow in the...

8.7CVSS6.2AI score0.01837EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/06/24 1:6 a.m.14 views

CVE-2025-34038 Weaver E-cology SQL Injection

A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIdssql, type method, reachable through the cmd=getSelectAllId workflow in the...

8.7CVSS0.01837EPSS
Exploits1References4
CVE
CVE
added 2025/06/24 1:6 a.m.36 views

CVE-2025-34038

Weaver e-cology 8.0 is affected by a SQL injection in getdata.jsp via the unsanitized sql parameter, exploited through the getSelectAllIds(sql, type) workflow in AjaxManager. Unauthenticated attackers can run arbitrary SQL queries and may access sensitive data (e.g., administrator password hashes...

8.7CVSS6.2AI score0.01837EPSS
In wildExploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.4 views

PT-2025-26669 · Fanwei · Fanwei E-Cology

Name of the Vulnerable Software and Affected Versions: Fanwei e-cology versions 8.0 and prior Description: A SQL injection issue exists, allowing unauthenticated attackers to execute arbitrary SQL queries via the "getdata.jsp" endpoint. The application passes unsanitized user input from the sql...

8.7CVSS8AI score0.01837EPSS
Exploits1References9
Rows per page
Query Builder