7 matches found
CVE-2025-46579
The CVE-2025-46579 entry concerns ZTE GoldenDB with a DDE injection vulnerability. Attackers can inject DDE expressions via the interface, and when a user downloads and opens the affected file, the DDE commands can be executed. The available sources confirm the existence of this vulnerability and...
CVE-2025-46580
CVE-2025-46580 concerns GoldenDB, a distributed database from ZTE. The connected documents describe a code-related vulnerability that allows attackers to access system tables, leading to disruption of business SQL operations. No specific vulnerable component, software version, or root-cause detai...
CVE-2025-46578
CVE-2025-46578 concerns SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information. The connected documents consistently describe GoldenDB’s SQL injection risk but do n...
CVE-2025-46575
Technical details about CVE-2025-46575 are not publicly available in the provided connected documents. Monitor for updates from official advisories for affected products, fixes, and exploit information.
CVE-2025-46577
GoldenDB (ZTE) is affected by a SQL injection vulnerability where the application does not validate externally supplied SQL statements, enabling an attacker to execute arbitrary SQL and potentially exfiltrate data. Affected component: GoldenDB database product; root cause: lack of input validatio...
CVE-2025-46576
The CVE-2025-46576 entry concerns ZTE GoldenDB, a financial-grade transactional distributed database. Affected component: the permission management and access control mechanism. Root cause: improper privilege management allows an attacker to manipulate requests to bypass privilege restrictions an...
CVE-2025-46574
CVE-2025-46574 involves the GoldenDB database product from ZTE, where an input validation vulnerability can lead to information disclosure. The connected sources consistently describe that attackers may cause the system to reveal sensitive data by exploiting how invalid inputs are handled, specif...