10 matches found
CVE-2025-11313
Tipray Data Leakage Prevention System 1.0 has a SQL injection in findRolePage.do (findRolePage) caused by improper handling of the sort parameter. The flaw can be exploited remotely; exploit published. Vendor contact noted with no response. No remediation details are provided in the supplied docu...
CVE-2025-11316
CVE-2025-11316 affects Tipray Data Leakage Prevention System (天锐数据泄露防护系统) version 1.0. The vulnerability is in the function findCategoryPage in the file findCategoryPage.do, where manipulation of the argument tenantId can lead to an SQL injection. The issue is exploitable remotely, and public exp...
CVE-2025-11309
Tipray Data Leakage Prevention System 1.0 is affected. The vulnerability lies in the doFilter function of findDeptPage.do, where manipulation of the sort parameter enables SQL injection. It can be exploited remotely, with public exploit availability noted by multiple sources. Impact includes high...
CVE-2025-11318
Tipray Data Leakage Prevention System 1.0 contains a vulnerability in the file uploadWxFile.do endpoint where manipulating the File parameter allows unrestricted file uploads. The issue is exploitable remotely and details, including that exploits have been released publicly, are noted across mult...
CVE-2025-11317
Tipray Data Leakage Prevention System 1.0 is affected. The SQL injection vulnerability arises in the findRolePage function within findSingConfigPage.do, caused by manipulation of the sort parameter. Exploitation can be performed remotely, and a public exploit is available. Vendor was contacted bu...
CVE-2025-11310
Tipray Data Leakage Prevention System 1.0 is affected. The vulnerability resides in findFileServerPage.do, specifically the findFileServerPage function, where manipulating the sort argument enables SQL injection. It is remotely exploitable and has reportedly been exploited publicly. Multiple conn...
CVE-2025-11311
Tipray Data Leakage Prevention System 1.0 is affected. The vulnerability lies in the findTenantPage.do file, specifically the findTenantPage function, where manipulation of the sort argument enables SQL injection. Attacks can be initiated remotely, and public exploitation has been disclosed. The ...
CVE-2025-11312
Tipray Data Leakage Prevention System 1.0 is affected. The vulnerability lies in the findModulePage.do implementation (function findModulePage) where manipulating the sort parameter triggers SQL injection. It is a remote, network-accessible flaw with a high impact on confidentiality, integrity, a...
CVE-2025-11314
Summary: CVE-2025-11314 affects Tipray Data Leakage Prevention System 1.0. The vulnerability is in the function findRolePage of the file findSingConfigPage.do , where manipulation of the sort argument enables an SQL injection. The attack could be launched remotely, and an exploit has been disclos...
CVE-2025-11315
Tipray Data Leakage Prevention System 1.0 is affected. The vulnerability is in the findUserPage.do file, specifically the findUserPage function, where manipulation of the sort argument enables SQL injection. It is remotely exploitable and the exploit has been made public. The vendor was contacted...