14 matches found
CVE-2025-1831
Affects zj1983 zz (versions up to 2024-8). The GetDBUser function in src/main/java/com/futvan/z/system/zorg/ZorgAction.java is vulnerable to SQL injection via the user_id argument. The issue can be exploited remotely, and public disclosure exists. Multiple connected sources (Red Hat, CVE feeds, C...
CVE-2025-1830
CVE-2025-1830 affects zj1983 zz up to 2024-08, specifically the Customer Information Handler component. The vulnerability arises from manipulation of the Customer Name argument, enabling cross-site scripting (XSS). Attack may be remote; several sources note that the exploit has been disclosed pub...
CVE-2025-1848
CVE-2025-1848 affects zj1983 zz up to 2024-8, with a vulnerability in an unknown function under the file /import_data_check that allows manipulation of the url parameter to trigger server-side request forgery (SSRF). Exploitation can be performed remotely; public disclosures and vendor non-respon...
CVE-2025-1832
CVE-2025-1832 affects the function getUserList in src/main/java/com/futvan/z/system/zrole/ZroleAction.java of zj1983 zz up to 2024-8. The vulnerability arises from manipulation of the roleid argument, leading to SQL injection. Exploitation is network-accessible and was disclosed publicly, enablin...
CVE-2025-1834
CVE-2025-1834 affects zj1983 zz up to 2024-8, with a vulnerability in the /resolve endpoint where manipulating the file argument enables unrestricted upload. The issue is remotely exploitable and the exploit has been disclosed publicly. Several connected sources reiterate the impact on the /resolve...
CVE-2025-1820
The CVE-2025-1820 entry concerns zj1983 zz (up to 2024-8). Affected is the function getOaWid in src/main/java/com/futvan/z/system/zworkflow/ZworkflowAction.java, where manipulation of the tableId argument enables SQL injection. The vulnerability is exploitable remotely and has public exploits; mu...
CVE-2025-1821
CVE-2025-1821 affects zj1983 zz up to 2024-8. The vulnerability is in getUserOrgForUserId (src/main/java/com/futvan/z/system/zorg/ZorgAction.java): manipulating the userID enables SQL injection. The issue can be exploited remotely; the exploit has been publicly disclosed and the vendor did not re...
CVE-2025-1847
CVE-2025-1847 affects zj1983 zz up to 2024-8. The vulnerability is described as an improper authorization flaw that can be triggered remotely, with an exploit disclosed publicly. Multiple sources (NVD, Red Hat, CVE registries, etc.) consistently report a critical severity with potential high impa...
CVE-2025-1833
CVE-2025-1833 affects zj1983 zz (up to 2024-8) in the HTTP Request Handler’s function sendNotice. The root cause is manipulation of the parameter url, leading to server-side request forgery (SSRF). Exploitation is described as remote and publicly disclosed. Multiple sources corroborate the same d...
CVE-2025-1813
CVE-2025-1813 affects zj1983 zz up to 2024-08 with a cross-site request forgery vulnerability. A publicly disclosed exploit and the possibility of remote attack are noted across multiple sources (NVD, Red Hat CVE, CVE lists). The exact vulnerable component/version scope is not specified beyond “unknown fu...
CVE-2025-1818
CVE-2025-1818 affects the product zj1983 zz up to 2024-8, with a vulnerability in the upload path (src/main/java/com/futvan/z/system/zfile/ZfileAction.upload) that allows unrestricted file uploads due to manipulation of the file argument. The issue can be exploited remotely; the exploit has been ...
CVE-2025-1846
CVE-2025-1846 affects the zj1983 zz project (up to 2024-8). The flaw is in the File Handler, in the deleteLocalFile function of ZfileAction.java, where manipulation of the zids argument can cause a remote denial of service. The attack can be initiated remotely and exploits have been disclosed publicly; the ve...
CVE-2025-1849
CVE-2025-1849 affects zj1983 zz, with a vulnerability in the file path /import_data_todb. The issue arises from manipulation of the url parameter, enabling a server-side request forgery (SSRF) that can be exploited remotely. Public exploitation has been disclosed. The affected versions are up to ...
CVE-2025-1812
CVE-2025-1812 affects the GetUserOrg function in SuperZ.java (path: com/futvan/z/framework/core/SuperZ.java). The issue is SQL injection caused by manipulation of the userId argument, enabling remote exploitation. Several sources confirm remote exploitability and public disclosure; vendor respons...