CVE-2025-3318
MEDIUMKenj_Frog company-financial-management 1.0 - SQL Injection via ShangpinleixingController sort Parameter
Title source: llmDescription
A vulnerability classified as critical was found in Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.303517
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.303517
Exploit, Issue Tracking exploit
issue-tracking
https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9
Scores
CVSS v3
6.3
EPSS
0.0008
EPSS Percentile
24.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-74
CWE-89
Status
published
Products (1)
kennifrog/company_financial_management_system
1.0
Published
Apr 06, 2025
Tracked Since
Feb 18, 2026