Lucene search
K

5 matches found

CVE
CVE
added 2025/03/02 9:0 p.m.73 views

CVE-2025-1832

CVE-2025-1832 affects the function getUserList in src/main/java/com/futvan/z/system/zrole/ZroleAction.java of zj1983 zz up to 2024-8. The vulnerability arises from manipulation of the roleid argument, leading to SQL injection. Exploitation is network-accessible and was disclosed publicly, enablin...

8.8CVSS7.5AI score0.00485EPSS
CVE
CVE
added 2025/03/02 9:31 p.m.68 views

CVE-2025-1833

CVE-2025-1833 affects zj1983 zz (up to 2024-8) in the HTTP Request Handler’s function sendNotice. The root cause is manipulation of the parameter url, leading to server-side request forgery (SSRF). Exploitation is described as remote and publicly disclosed. Multiple sources corroborate the same d...

8.8CVSS6.4AI score0.00471EPSS
CVE
CVE
added 2025/03/03 2:31 a.m.63 views

CVE-2025-1846

CVE-2025-1846 affects the zj1983 zz project (up to 2024-8). The flaw is in the File Handler: ZfileAction.java, function deleteLocalFile, where manipulation of the zids argument can cause a remote denial of service. The attack is remotely initiable and exploits have been disclosed publicly; the ve...

6.5CVSS5.5AI score0.00565EPSS
CVE
CVE
added 2025/03/03 4:0 a.m.57 views

CVE-2025-1849

CVE-2025-1849 affects zj1983 zz, with a vulnerability in the file path /import_data_todb. The issue arises from manipulation of the url parameter, enabling a server-side request forgery (SSRF) that can be exploited remotely. Public exploitation has been disclosed. The affected versions are up to ...

8.8CVSS6.5AI score0.0047EPSS
CVE
CVE
added 2025/03/02 9:0 a.m.53 views

CVE-2025-1812

CVE-2025-1812 affects the GetUserOrg function in SuperZ.java (path: com/futvan/z/framework/core/SuperZ.java). The issue is SQL injection caused by manipulation of the userId argument, enabling remote exploitation. Several sources confirm remote exploitability and public disclosure; vendor respons...

8.8CVSS6.8AI score0.00554EPSS