SQL Injection Vulnerability in Zhilink ADP Application Developer Platform
CVE-2025-8806
5.3 MEDIUM
What is CVE-2025-8806?
A SQL injection vulnerability has been identified in the Zhilink ADP Application Developer Platform version 1.0.0, affecting the '/adpweb/a/sys/office/treeData' endpoint. The 'extId' parameter is handled improperly, which lets a remote attacker execute arbitrary SQL queries. This can lead to data exposure and manipulation, posing a serious threat to users of the affected platform. The vulnerability was disclosed to the vendor early, but no responsive action has been taken.
Affected Version(s)
ADP Application Developer Platform 应用开发者平台 1.0.0
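
Since no vendor fix is described, operators can at least review web access logs for unusual 'extId' values sent to the affected endpoint. The following is an added example, not code from the vendor or from the original advisory; the combined-log request format, the allowed 'extId' character set and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/adpweb/a/sys/office/treeData"  # path named in the advisory
PARAM = "extId"                              # parameter named in the advisory
# Assumption: legitimate extId values are short plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,64}")
# Assumption: request field as in combined log format, e.g. "GET /p?x=1 HTTP/1.1".
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_extid_requests(lines):
    """Return (line_number, decoded_value) for endpoint hits whose extId is not a plain identifier."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Drop any ";jsessionid=..." path parameter before comparing the path.
        path = url.path.split(";")[0].rstrip("/")
        if path != ENDPOINT:
            continue
        # parse_qs percent-decodes values, so encoded quotes and spaces are compared in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample access-log lines (not taken from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Aug/2025:10:01:02 +0000] "GET /adpweb/a/sys/office/treeData?extId=a1b2c3 HTTP/1.1" 200 512',
    '198.51.100.9 - - [12/Aug/2025:10:01:05 +0000] "GET /adpweb/a/sys/office/treeData?extId=1%27 HTTP/1.1" 500 91',
    '198.51.100.9 - - [12/Aug/2025:10:01:09 +0000] "GET /adpweb/a/sys/user/list?extId=1%27 HTTP/1.1" 200 300',
    '198.51.100.7 - - [12/Aug/2025:10:02:00 +0000] "GET /adpweb/a/sys/office/treeData;jsessionid=abc?type=2&extId= HTTP/1.1" 200 480',
]

if __name__ == "__main__":
    for number, value in suspicious_extid_requests(SAMPLE_LOG):
        print(f"line {number}: unexpected {PARAM} value {value!r}")
```

Access logs normally record only the query string, so an 'extId' sent in a POST body will not show up here and needs inspection at a reverse proxy or WAF instead.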