CVE Details
Basic Information
| Title | Jingmen Zeyou Large File Upload Control index.jsp sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-26T14:32:05.549Z |
| Modified | 2025-07-26T14:32:05.549Z |
Product Information
| Vendor | Jingmen Zeyou |
|---|---|
| Product | Large File Upload Control |
| Version | 6.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability in Jingmen Zeyou Large File Upload Control allows remote attackers to inject malicious SQL code, potentially leading to data tampering and unauthorized access. The vulnerability is exploitable remotely, and the vendor has not responded to disclosure attempts. This is a critical issue due to the potential for significant data breaches. |
|---|---|
| AI Severity | High |
| AI Vendor | Jingmen Zeyou |
| AI Product | Large File Upload Control |
| AI Version | 6.0, 6.1, 6.2, 6.3 |
Affected Products
- Jingmen Zeyou Large File Upload Control 6.0
- Jingmen Zeyou Large File Upload Control 6.1
- Jingmen Zeyou Large File Upload Control 6.2
- Jingmen Zeyou Large File Upload Control 6.3
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as critical has been found in Jingmen Zeyou Large File Upload Control up to 6.3. Affected is an unknown function of the file /index.jsp. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.