4 matches found
CVE-2025-5888
CVE-2025-5888 affects jsnjfz WebStack-Guns 1.0. The vulnerability is a cross-site request forgery (CSRF) in an unspecified functionality, with the attack described as remotely exploitable and the public disclosure already made. Multiple sources (NVD and related feeds) corroborate CSRF as the issu...
CVE-2025-5887
CVE-2025-5887 affects jsnjfz WebStack-Guns 1.0. The vulnerability lies in the File Upload functionality, specifically the File argument manipulated in UserMgrController.java, enabling cross-site scripting. Exploitation is described as possible remotely, with the exploit disclosed publicly. Multip...
CVE-2025-13811
CVE-2025-13811 affects jsnjfz WebStack-Guns 1.0. The vulnerability is in src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java where manipulation of the argument sort enables an SQL injection. It can be exploited remotely without user interaction. Public PoC/exploit detail...
CVE-2025-13810
CVE-2025-13810 affects jsnjfz WebStack-Guns 1.0. The path traversal vulnerability occurs in KaptchaController.java.renderPicture, where parameter manipulation enables unauthorized file path access. Descriptions indicate a remote attack vector with a publicly available exploit, and vendor contacte...