CVE-2025-0942

HIGH

Jalios JPlatform <10.0.6 - SQL Injection

Description

The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command, which allows unauthenticated users to trigger SQL injection. This issue affects JPlatform before 10.0.6; a PatchPlugin release 10.0.6 was issued on 2023-02-06.

Scores

CVSS v3 8.6
EPSS 0.0036
EPSS Percentile 28.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Jalios/JPlatform < 10.0.6
Published Apr 07, 2025
Tracked Since Feb 18, 2026