Korzh EasyQuery Query Builder UI fetch sql injection_CVE-2025-10399

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-10399

Source VulDB

Published Sep 14, 2025 at 13:02

Affected Product

Vendor Korzh

Product EasyQuery

Version 7.0

Affected Versions Korzh EasyQuery 7.0
Korzh EasyQuery 7.1
Korzh EasyQuery 7.2
Korzh EasyQuery 7.3
Korzh EasyQuery 7.4.0

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.",
    "published": "2025-09-14T13:02:06.030Z",
    "modified": "2025-09-14T13:02:06.030Z",
    "type": "cve",
    "title": "Korzh EasyQuery Query Builder UI fetch sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323834\nhttps://vuldb.com/?ctiid.323834\nhttps://vuldb.com/?submit.646353",
    "id": "CVE-2025-10399",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Korzh EasyQuery 7.0\nKorzh EasyQuery 7.1\nKorzh EasyQuery 7.2\nKorzh EasyQuery 7.3\nKorzh EasyQuery 7.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EasyQuery",
    "version": "7.0",
    "vendor": "Korzh",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}