SQL Injection Vulnerability in JeeWMS by JeeWMS Team
CVE-2025-5388

5.3MEDIUM

Key Information:

Vendor

JeeWMS Team

Status
Jeewms
Vendor
CVE Published:
31 May 2025

What is CVE-2025-5388?

A security vulnerability has been identified in JeeWMS affecting its dogenerate function within the /generateController.do?dogenerate file. This vulnerability allows remote attackers to perform SQL injection, potentially compromising the integrity and confidentiality of the database. The product implements a rolling release strategy, which complicates the identification of specific affected versions. Organizations using JeeWMS should assess their installations for potential exposure and apply necessary security measures.

Affected Version(s)

JeeWMS 20250504

References

https://vuldb.com/?id.310681
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310681
signaturepermissions-required
https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV
issue-tracking

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB Gitee Analyzer
.