SQL Injection Vulnerability in llisoft MTA Maita Training System Version 4.5
CVE-2025-5170

5.3MEDIUM

Key Information:

Vendor

Llisoft

Status
Mta Maita Training System
Vendor
CVE Published:
26 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-5170?

A security flaw has been identified in llisoft MTA Maita Training System version 4.5, specifically within the AdminShitiController.java file. This vulnerability resides in the AdminShitiListRequestVo function, where improper handling of the input argument stTypeIds allows for remote SQL injection attacks. Attackers can exploit this vulnerability to execute arbitrary SQL commands, potentially compromising application data integrity. Although the vendor was informed of the issue, there has been no indication of a response or patch, leaving users exposed to potential exploitation.

Affected Version(s)

MTA Maita Training System 4.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-5170 - Proof of Concept

References

https://vuldb.com/?id.310258
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310258
signaturepermissions-required
https://vuldb.com/?submit.579069
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

caichaoxiong (VulDB User)
.