
14 matches found

added 2025/03/02 8:00 p.m., 86 views

CVE-2025-1831

Affects zj1983 zz (versions up to 2024-8). The GetDBUser function in src/main/java/com/futvan/z/system/zorg/ZorgAction.java is vulnerable to SQL injection via the user_id argument. The issue can be exploited remotely, and public disclosure exists. Multiple connected sources (Red Hat, CVE feeds, C...

CVSS 9.8, AI score 6.8, EPSS 0.00489

added 2025/03/02 7:31 p.m., 71 views

CVE-2025-1830

CVE-2025-1830 affects zj1983 zz up to 2024-08, specifically the Customer Information Handler component. The vulnerability arises from manipulation of the Customer Name argument, enabling cross-site scripting (XSS). Attack may be remote; several sources note that the exploit has been disclosed pub...

CVSS 4.8, AI score 3.4, EPSS 0.00353

added 2025/03/03 3:31 a.m., 71 views

CVE-2025-1848

CVE-2025-1848 affects zj1983 zz up to 2024-8, with a vulnerability in an unknown function under the file /import_data_check that allows manipulation of the url parameter to trigger server-side request forgery (SSRF). Exploitation can be performed remotely; public disclosures and vendor non-respon...

CVSS 8.8, AI score 6.5, EPSS 0.0047

added 2025/03/02 9:00 p.m., 70 views

CVE-2025-1832

CVE-2025-1832 affects the function getUserList in src/main/java/com/futvan/z/system/zrole/ZroleAction.java of zj1983 zz up to 2024-8. The vulnerability arises from manipulation of the roleid argument, leading to SQL injection. Exploitation is network-accessible and was disclosed publicly, enablin...

CVSS 8.8, AI score 7.5, EPSS 0.00474

added 2025/03/02 10:00 p.m., 70 views

CVE-2025-1834

CVE-2025-1834 affects zj1983 zz up to 2024-8, with a vulnerability in the /resolve endpoint where manipulating the file/argument enables unrestricted upload. The issue is remote-exploitable and the exploit has been disclosed publicly. Several connected sources reiterate the impact on the /resolve...

CVSS 9.8, AI score 7, EPSS 0.00486

added 2025/03/02 5:00 p.m., 69 views

CVE-2025-1820

The CVE-2025-1820 entry concerns zj1983 zz (up to 2024-8). Affected is the function getOaWid in src/main/java/com/futvan/z/system/zworkflow/ZworkflowAction.java, where manipulation of the tableId argument enables SQL injection. The vulnerability is exploitable remotely and has public exploits; mu...

CVSS 8.8, AI score 7.3, EPSS 0.00474

added 2025/03/02 6:31 p.m., 69 views

CVE-2025-1821

CVE-2025-1821 affects zj1983 zz up to 2024-8. The vulnerability is in getUserOrgForUserId (src/main/java/com/futvan/z/system/zorg/ZorgAction.java): manipulating the userID enables SQL injection. The issue can be exploited remotely; the exploit has been publicly disclosed and the vendor did not re...

CVSS 9.8, AI score 6.7, EPSS 0.00489

added 2025/03/03 3:00 a.m., 67 views

CVE-2025-1847

CVE-2025-1847 affects zj1983 zz up to 2024-8. The vulnerability is described as an improper authorization flaw that can be triggered remotely, with an exploit disclosed publicly. Multiple sources (NVD, Red Hat, CVE registries, etc.) consistently report a critical severity with potential high impa...

CVSS 8.8, AI score 6.4, EPSS 0.0047

added 2025/03/02 9:31 p.m., 65 views

CVE-2025-1833

CVE-2025-1833 affects zj1983 zz (up to 2024-8) in the HTTP Request Handler’s function sendNotice. The root cause is manipulation of the parameter url, leading to server-side request forgery (SSRF). Exploitation is described as remote and publicly disclosed. Multiple sources corroborate the same d...

CVSS 8.8, AI score 6.4, EPSS 0.00471

added 2025/03/02 10:00 a.m., 63 views

CVE-2025-1813

CVE-2025-1813 affects zj1983 zz up to 2024-08 with a cross-site request forgery vulnerability. Publicly disclosed exploit and remote attack possibility are noted across multiple sources (NVD, Red Hat CVE, CVE lists). The exact vulnerable component/version scope is not specified beyond “unknown fu...

CVSS 6.5, AI score 4.6, EPSS 0.00319

added 2025/03/02 4:00 p.m., 62 views

CVE-2025-1818

CVE-2025-1818 affects the product zj1983 zz up to 2024-8, with a vulnerability in the upload path (src/main/java/com/futvan/z/system/zfile/ZfileAction.upload) that allows unrestricted file uploads due to manipulation of the file argument. The issue can be exploited remotely; the exploit has been ...

CVSS 9.8, AI score 6.8, EPSS 0.00584

added 2025/03/03 2:31 a.m., 57 views

CVE-2025-1846

CVE-2025-1846 affects the zj1983 zz project (up to 2024-8). The flaw is in the File Handler: ZfileAction.java, function deleteLocalFile, where manipulation of the zids argument can cause a remote denial of service. The attack is remotely initiable and exploits have been disclosed publicly; the ve...

CVSS 6.5, AI score 5.5, EPSS 0.00552

added 2025/03/03 4:00 a.m., 55 views

CVE-2025-1849

CVE-2025-1849 affects zj1983 zz, with a vulnerability in the file path /import_data_todb. The issue arises from manipulation of the url parameter, enabling a server-side request forgery (SSRF) that can be exploited remotely. Public exploitation has been disclosed. The affected versions are up to ...

CVSS 8.8, AI score 6.5, EPSS 0.0047

added 2025/03/02 9:00 a.m., 51 views

CVE-2025-1812

CVE-2025-1812 affects the GetUserOrg function in SuperZ.java (path: com/futvan/z/framework/core/SuperZ.java). The issue is SQL injection caused by manipulation of the userId argument, enabling remote exploitation. Several sources confirm remote exploitability and public disclosure; vendor respons...

CVSS 8.8, AI score 6.8, EPSS 0.00541