CVE Details
Basic Information
| Title |
JeeWMS cgAutoListController.do CgAutoListController sql injection |
| Type |
cve |
| Published |
2025-05-31T16:00:09.839Z |
| Last Seen |
|
Product Information
| Vendor |
n/a |
| Product |
JeeWMS |
| Version |
20250504 |
CVSS Information
| Base Score |
5.3 (MEDIUM) |
| Attack Vector |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A critical SQL injection vulnerability in JeeWMS allows remote attackers to execute arbitrary SQL commands via the CgAutoListController function. The vulnerability affects versions up to 20250504 and can be exploited remotely. |
| AI Severity |
Critical |
| Vendor |
JeeWMS |
| Product |
JeeWMS |
| Affected Version |
20250504 |
Additional Information
| CVE List |
|
| CWE List |
CWE-89, CWE-74 |
| Bulletin Family |
|
| Source Data |
n/a JeeWMS 20250504 |
Source Information
| Source Data |
n/a JeeWMS 20250504 |
| Source Link |
|
Description
A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS Score Summary
View Full CVE Details
