SQL Injection Vulnerability in Founder Enjoys All-Media Acquisition and Editing System by Beijing Founder Electronics
CVE-2025-2117
Key Information:
- Vendor
Beijing Founder Electronics
- Vendor
- CVE Published:
- 9 March 2025
Badges
What is CVE-2025-2117?
A vulnerability exists in the Founder Enjoys All-Media Acquisition and Editing System 3.0 that allows for SQL injection through the electricDocList function located in /newsedit/report/reportCenter.do. By manipulating the fvID or catID parameters, an attacker may execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the database. This issue can be exploited remotely, making it crucial for users to secure their systems against possible attacks. The lack of vendor response to the exploit's public disclosure raises significant concerns regarding the timely addressing of vulnerabilities.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Founder Enjoys All-Media Acquisition and Editing System 3.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved