CVE 5.3 MEDIUM

kaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosure_CVE-2025-11406

October 7, 2025 invoker category_cve
5.3 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Basic Information

ID CVE-2025-11406
Source VulDB
Published Oct 7, 2025 at 19:32
Modified Oct 7, 2025 at 19:57

Affected Product

Vendor kaifangqian
Product kaifangqian-base
Version 7b3faecda13848b3ced6c17c7423b76c5b47b8ab
Affected Versions kaifangqian kaifangqian-base 7b3faecda13848b3ced6c17c7423b76c5b47b8ab

CWE Classification

CWE-200 CWE-284

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.