CVE Details
Basic Information
| Title | llisoft MTA Maita Training System AdminShitiController.java AdminShitiListRequestVo sql injection |
|---|---|
| Type | cve |
| Published | 2025-05-26T05:00:10.873Z |
| Last Seen | |
Product Information
| Vendor | llisoft |
|---|---|
| Product | MTA Maita Training System |
| Version | 4.5 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical SQL injection vulnerability exists in llisoft MTA Maita Training System 4.5, specifically in the AdminShitiListRequestVo function. This allows remote attackers to execute arbitrary SQL commands via the stTypeIds parameter. The vulnerability has been publicly disclosed, and the vendor has not responded to the issue. |
|---|---|
| AI Severity | Medium |
| Vendor | llisoft |
| Product | MTA Maita Training System |
| Affected Version | 4.5 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
| Source Data | llisoft MTA Maita Training System 4.5 |
Source Information
| Source Data | llisoft MTA Maita Training System 4.5 |
|---|---|
| Source Link | |
Description
A vulnerability classified as critical was found in llisoft MTA Maita Training System 4.5. This vulnerability affects the function AdminShitiListRequestVo of the file com\llisoft\controller\admin\shiti\AdminShitiController.java. The manipulation of the argument stTypeIds leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)