Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection_CVE-2025-13268

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can be launched remotely. The exploit has been published and may be used.

Basic Information

ID CVE-2025-13268

Source VulDB

Published Nov 17, 2025 at 07:02

Affected Product

Vendor Dromara

Product dataCompare

Version 1.0.0

Affected Versions Dromara dataCompare 1.0.0
Dromara dataCompare 1.0.1

CWE Classification

CWE-74 CWE-707

References

{
    "lastseen": "",
    "description": "A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can be launched remotely. The exploit has been published and may be used.",
    "published": "2025-11-17T07:02:08.083Z",
    "modified": "2025-11-17T07:02:08.083Z",
    "type": "cve",
    "title": "Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332603\nhttps://vuldb.com/?ctiid.332603\nhttps://vuldb.com/?submit.689460\nhttps://github.com/dromara/dataCompare/issues/13",
    "id": "CVE-2025-13268",
    "bulletinFamily": "",
    "cwe": [
        "CWE-74",
        "CWE-707"
    ],
    "cvelist": null,
    "sourceData": "Dromara dataCompare 1.0.0\nDromara dataCompare 1.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "dataCompare",
    "version": "1.0.0",
    "vendor": "Dromara",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}