5 matches found
CVE-2025-1832
CVE-2025-1832 affects the function getUserList in src/main/java/com/futvan/z/system/zrole/ZroleAction.java of zj1983 zz up to 2024-8. The vulnerability arises from manipulation of the roleid argument, leading to SQL injection. Exploitation is network-accessible and was disclosed publicly, enablin...
CVE-2025-1833
CVE-2025-1833 affects zj1983 zz (up to 2024-8) in the HTTP Request Handler’s function sendNotice. The root cause is manipulation of the parameter url, leading to server-side request forgery (SSRF). Exploitation is described as remote and publicly disclosed. Multiple sources corroborate the same d...
CVE-2025-1846
CVE-2025-1846 affects the zj1983 zz project (up to 2024-8). The flaw is in the File Handler: ZfileAction.java, function deleteLocalFile, where manipulation of the zids argument can cause a remote denial of service. The attack is remotely initiable and exploits have been disclosed publicly; the ve...
CVE-2025-1849
CVE-2025-1849 affects zj1983 zz, with a vulnerability in the file path /import_data_todb. The issue arises from manipulation of the url parameter, enabling a server-side request forgery (SSRF) that can be exploited remotely. Public exploitation has been disclosed. The affected versions are up to ...
CVE-2025-1812
CVE-2025-1812 affects the GetUserOrg function in SuperZ.java (path: com/futvan/z/framework/core/SuperZ.java). The issue is SQL injection caused by manipulation of the userId argument, enabling remote exploitation. Several sources confirm remote exploitability and public disclosure; vendor respons...