CVE Details
Basic Information
| Title | JeeWMS cgformTransController.do transEditor sql injection |
|---|---|
| Type | cve |
| Published | 2025-05-31T17:00:07.691Z |
| Last Seen |
Product Information
| Vendor | n/a |
|---|---|
| Product | JeeWMS |
| Version | 20250504 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability exists in JeeWMS up to version 20250504, specifically in the transEditor function of the /cgformTransController.do?transEditor endpoint. This allows remote attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation. |
|---|---|
| AI Severity | Medium |
| Vendor | JeeWMS |
| Product | JeeWMS |
| Affected Version | up to 20250504 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
| Source Data | n/a JeeWMS 20250504 |
Source Information
| Source Data | n/a JeeWMS 20250504 |
|---|---|
| Source Link |
Description
A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)