CVE-2025-0333

Sažetak

A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli1.md
https://vuldb.com/?ctiid.290820
https://vuldb.com/?id.290820
https://vuldb.com/?submit.475297
https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli1.md

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-01-2025 - 17:15

Objavljeno

09-01-2025 - 05:15