ketr JEPaaS readAllPostil sql injection_CVE-2025-14694

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing manipulation of the argument keyWord results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-14694

Source VulDB

Published Dec 15, 2025 at 00:32

Affected Product

Vendor ketr

Product JEPaaS

Version 7.2.0

Affected Versions ketr JEPaaS 7.2.0
ketr JEPaaS 7.2.1
ketr JEPaaS 7.2.2
ketr JEPaaS 7.2.3
ketr JEPaaS 7.2.4
ketr JEPaaS 7.2.5
ketr JEPaaS 7.2.6
ketr JEPaaS 7.2.7
ketr JEPaaS 7.2.8

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing manipulation of the argument keyWord results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-15T00:32:06.939Z",
    "modified": "2025-12-15T00:32:06.939Z",
    "type": "cve",
    "title": "ketr JEPaaS readAllPostil sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336412\nhttps://vuldb.com/?ctiid.336412\nhttps://vuldb.com/?submit.707178\nhttps://github.com/c3p0ooo-Yiqiyin/JEPaaS-readAllPostil-SQL-Injection-Vulnerability/blob/main/README.md",
    "id": "CVE-2025-14694",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "ketr JEPaaS 7.2.0\nketr JEPaaS 7.2.1\nketr JEPaaS 7.2.2\nketr JEPaaS 7.2.3\nketr JEPaaS 7.2.4\nketr JEPaaS 7.2.5\nketr JEPaaS 7.2.6\nketr JEPaaS 7.2.7\nketr JEPaaS 7.2.8",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JEPaaS",
    "version": "7.2.0",
    "vendor": "ketr",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}