CVE Details
Basic Information
| Title | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testService special elements used in a template engine |
|---|---|
| Type | cve |
| Published | 2025-05-29T19:31:04.427Z |
| Last Seen |
Product Information
| Vendor | zhilink 智互联(深圳)科技有限公司 |
|---|---|
| Product | ADP Application Developer Platform 应用开发者平台 |
| Version | 1.0.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in the ADP Application Developer Platform allows remote attackers to exploit improper neutralization of special elements in a template engine, potentially leading to security breaches. |
|---|---|
| AI Severity | Medium |
| Vendor | 深圳智互联科技有限公司 |
| Product | ADP Application Developer Platform |
| Affected Version | 1.0.0 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-1336, CWE-791 |
| Bulletin Family | |
| Source Data | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 |
Source Information
| Source Data | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 |
|---|---|
| Source Link |
Description
A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)