26 matches found
CVE-2025-60266
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60267
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60265
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability...
EUVD-2025-33406
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability...
EUVD-2025-33404
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60267
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60267
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60266
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60266
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60265
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60265
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60265
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60265
The CVE-2025-60265 issue affects xckk v9.6 and is caused by insufficient filtering of the orderBy parameter in the /user/list endpoint, enabling SQL injection. The vulnerability is documented across multiple sources (e.g., Red Hat CVE page, EUVD/ENISA entries, and PT-2025-41411) with a described ...
PT-2025-41443
Name of the Vulnerable Software and Affected Versions xckk version 9.6 Description The software contains a SQL injection issue due to insufficient filtering of the orderBy parameter within the ''/address/list'' API endpoint. This allows for potential unauthorized database access or modification...
CVE-2025-60266
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60266
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60267
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60267
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability...
xckk 安全漏洞
xckk small dishes low-code development platform is a low-code development platform open source by China Cloud Network Software bestfeng. A security vulnerability exists in xckk v9.6, which stems from the orderBy parameter in address/list is not securely filtered, which may lead to SQL injection...
CVE-2025-60267
Summary of CVE-2025-60267 : Several sources describe a SQL injection vulnerability in the xckk v9.6 platform, arising from insufficient filtering of the cond parameter in the /notice/list API endpoint. The root cause is improper input handling that allows attacker-controlled input to influence SQ...