SQL Injection in JeeWMS Affects Remote Functionality
CVE-2025-5386

5.3 MEDIUM

Key Information:

Vendor: JeeWMS

Status
Vendor
CVE Published: 31 May 2025

What is CVE-2025-5386?

A vulnerability present in JeeWMS prior to version 20250504 enables SQL injection through the transEditor functionality of the endpoint /cgformTransController.do?transEditor. This flaw permits remote exploitation, allowing attackers to manipulate SQL queries executed by the application, leading to unauthorized access to the database and potential data compromise. As JeeWMS lacks versioning information, it remains unclear which other versions may also be affected, posing an additional risk for users.

Affected Version(s)

JeeWMS 20250504

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB Gitee Analyzer