CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2025-10703 (GCVE-0-2025-10703)
Vulnerability from cvelistv5 – Published: 2025-11-19 15:47 – Updated: 2026-02-26 16:21
VLAI
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion.
The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver log=(file) construct allows the user to specify an arbitrary file for the JDBC driver to write its log information to. If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker could cause java script to be written to a log file. If the log file was in the correct location with the correct extension, an application server could see that log file as a resource to be served. The attacker could fetch the resource from the server causing the java script to be executed.
This issue affects:
DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541
DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833
DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628
DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279
DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344
DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063
DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964
DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525
DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410
DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727
DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851
DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198
DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957
DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587
DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669
DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364
DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776
DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458
DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316
DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309
DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856
DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189
DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125
DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired
DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858
DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162
DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856
DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430
DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023
DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339
DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430
DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183
DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
33 products
| Vendor | Product | Version | |
|---|---|---|---|
| Progress | DataDirect Connect for JDBC for Amazon Redshift |
Affected:
0 , ≤ 6.0.0.001392
(custom)
Unaffected: 6.0.0.001541 (custom) |
|
| Progress | DataDirect Connect for JDBC for Apache Cassandra |
Affected:
0 , ≤ 6.0.0.000805
(custom)
Unaffected: 6.0.0.000833 (custom) |
|
| Progress | DataDirect Connect for JDBC for Hive |
Affected:
0 , ≤ 6.0.1.001499
(custom)
Unaffected: 6.0.1.001628 (custom) |
|
| Progress | DataDirect Connect for JDBC for Apache Impala |
Affected:
0 , ≤ 6.0.0.001155
(custom)
Unaffected: 6.0.0.1279 (custom) |
|
| Progress | DataDirect Connect for JDBC for Apache SparkSQL |
Affected:
0 , ≤ 6.0.1.001222
(custom)
Unaffected: 6.0.1.001344 (custom) |
|
| Progress | DataDirect Connect for JDBC Autonomous REST Connector |
Affected:
0 , ≤ 6.0.1.006961
(custom)
Unaffected: 6.0.1.007063 (custom) |
|
| Progress | DataDirect Connect for JDBC for DB2 |
Affected:
0 , ≤ 6.0.0.000717
(custom)
Unaffected: 6.0.0.000964 (custom) |
|
| Progress | DataDirect Connect for JDBC for Google Analytics 4 |
Affected:
0 , ≤ 6.0.0.000454
(custom)
Unaffected: 6.0.0.000525 |
|
| Progress | DataDirect Connect for JDBC for Google BigQuery |
Affected:
0 , ≤ 6.0.0.002279
(custom)
Unaffected: 6.0.0.002410 (custom) |
|
| Progress | DataDirect Connect for JDBC for Greenplum |
Affected:
0 , ≤ 6.0.0.001712
(custom)
Unaffected: 6.0.0.001727 (custom) |
|
| Progress | DataDirect Connect for JDBC for Informix |
Affected:
0 , ≤ 6.0.0.000690
(custom)
Unaffected: 6.0.0.000851 (custom) |
|
| Progress | DataDirect Connect for JDBC for Microsoft Dynamics 365 |
Affected:
0 , ≤ 6.0.0.003161
(custom)
Unaffected: 6.0.0.003198 (custom) |
|
| Progress | DataDirect Connect for JDBC for Microsoft SQLServer |
Affected:
0 , ≤ 6.0.0.001936
(custom)
Unaffected: 6.0.0.001957 (custom) |
|
| Progress | DataDirect Connect for JDBC for Microsoft Sharepoint |
Affected:
0 , ≤ 6.0.0.001559
(custom)
Unaffected: 6.0.0.001587 (custom) |
|
| Progress | DataDirect Connect for JDBC for MongoDB |
Affected:
0 , ≤ 6.1.0.001654
(custom)
Unaffected: 6.1.0.001669 (custom) |
|
| Progress | DataDirect Connect for JDBC for MySQL |
Affected:
0 , ≤ 5.1.4.000330
(custom)
Unaffected: 5.1.4.000364 (custom) |
|
| Progress | DataDirect Connect for JDBC for Oracle Database |
Affected:
0 , ≤ 6.0.0.001747
(custom)
Unaffected: 6.0.0.001776 (custom) |
|
| Progress | DataDirect Connect for JDBC for Oracle Eloqua |
Affected:
0 , ≤ 6.0.0.001438
(custom)
Unaffected: 6.0.0.001458 (custom) |
|
| Progress | DataDirect Connect for JDBC for Oracle Sales Cloud |
Affected:
0 , ≤ 6.0.0.001225
(custom)
Unaffected: 6.0.0.001316 (custom) |
|
| Progress | DataDirect Connect for JDBC for Oracle Service Cloud |
Affected:
0 , ≤ 5.1.4.000298
(custom)
Unaffected: 5.1.4.000309 (custom) |
|
| Progress | DataDirect Connect for JDBC for PostgreSQL |
Affected:
0 , ≤ 6.0.0.001843
(custom)
Unaffected: 6.0.0.001856 (custom) |
|
| Progress | DataDirect Connect for JDBC for Progress OpenEdge |
Affected:
0 , ≤ 5.1.4.000187
(custom)
Unaffected: 5.1.4.000189 (custom) |
|
| Progress | DataDirect Connect for JDBC for Salesforce |
Affected:
0 , ≤ 6.0.0.003020
(custom)
Unaffected: 6.0.0.003125 (custom) |
|
| Progress | DataDirect Connect for JDBC for SAP HANA |
Affected:
0 , ≤ 6.0.0.000879
(custom)
|
|
| Progress | DataDirect Connect for JDBC for SAP S/4 HANA |
Affected:
0 , ≤ 6.0.0.001818
(custom)
Unaffected: 6.0.1.001858 (custom) |
|
| Progress | DataDirect Connect for JDBC for Sybase ASE |
Affected:
0 , ≤ 5.1.4.000161
(custom)
Unaffected: 5.1.4.000162 (custom) |
|
| Progress | DataDirect Connect for JDBC for Snowflake |
Affected:
0 , ≤ 6.0.1.001821
(custom)
Unaffected: 6.0.1.001856 (custom) |
|
| Progress | DataDirect Hybrid Data Pipeline Server |
Affected:
0 , ≤ 4.6.2.3309
(custom)
Unaffected: 4.6.2.3430 (custom) |
|
| Progress | DataDirect Hybrid Data Pipeline JDBC Driver |
Affected:
0 , ≤ 4.6.2.0607
(custom)
Unaffected: 4.6.2.1023 (custom) |
|
| Progress | DataDirect Hybrid Data Pipeline On Premises Connector |
Affected:
0 , ≤ 4.6.2.1223
(custom)
Unaffected: 4.6.2.1339 (custom) |
|
| Progress | DataDirect Hybrid Data Pipeline Docker |
Affected:
0 , ≤ 4.6.2.3316
(custom)
Unaffected: 4.6.2.3430 (custom) |
|
| Progress | DataDirect OpenAccess JDBC Driver |
Affected:
0 , ≤ 8.1.0.0177
(custom)
Unaffected: 8.1.0.0183 (custom) |
|
| Progress | DataDirect OpenAccess JDBC Driver |
Affected:
0 , ≤ 9.0.0.0019
(custom)
Unaffected: 9.0.0.0022 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T04:55:25.311476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:21:03.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Amazon Redshift",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001392",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.001541",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Apache Cassandra",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.000805",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.000833",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Hive",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.1.001499",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.1.001628",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Apache Impala",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001155",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.1279",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Apache SparkSQL",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.1.001222",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.1.001344",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC Autonomous REST Connector",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.1.006961",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.1.007063",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for DB2",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.000717",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.000964",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Google Analytics 4",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.000454",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.000525"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Google BigQuery",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.002279",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.002410",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Greenplum",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001712",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.001727",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Informix",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.000690",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.000851",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Microsoft Dynamics 365",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.003161",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.003198",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Microsoft SQLServer",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001936",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.001957",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Microsoft Sharepoint",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001559",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.001587",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for MongoDB",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.1.0.001654",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1.0.001669",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for MySQL",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "5.1.4.000330",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.1.4.000364",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Oracle Database",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001747",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.001776",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Oracle Eloqua",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001438",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.001458",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Oracle Sales Cloud",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001225",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.001316",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Oracle Service Cloud",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "5.1.4.000298",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.1.4.000309",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for PostgreSQL",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001843",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.001856",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Progress OpenEdge",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "5.1.4.000187",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.1.4.000189",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Salesforce",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.003020",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.0.003125",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for SAP HANA",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.000879",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for SAP S/4 HANA",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.0.001818",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.1.001858",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Sybase ASE",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "5.1.4.000161",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.1.4.000162",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Connect for JDBC for Snowflake",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "6.0.1.001821",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.1.001856",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Hybrid Data Pipeline Server",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "4.6.2.3309",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "4.6.2.3430",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Hybrid Data Pipeline JDBC Driver",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "4.6.2.0607",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "4.6.2.1023",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Hybrid Data Pipeline On Premises Connector",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "4.6.2.1223",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "4.6.2.1339",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect Hybrid Data Pipeline Docker",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "4.6.2.3316",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "4.6.2.3430",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect OpenAccess JDBC Driver",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "8.1.0.0177",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.1.0.0183",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataDirect OpenAccess JDBC Driver",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "9.0.0.0019",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.0.0.0022",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Brecht Snijders of Triskele Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion.\u003cbr\u003e\u003cbr\u003eThe SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver log=(file) construct allows the user to specify an arbitrary file for the JDBC driver to write its log information to.\u0026nbsp; If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker could cause java script to be written to a log file.\u0026nbsp; If the log file was in the correct location with the correct extension, an application server could see that log file as a resource to be served.\u0026nbsp; The attacker could fetch the resource from the server causing the java script to be executed.\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003eThis issue affects:\u003c/div\u003e\u003cdiv\u003e\n\n\u003cdiv\u003eDataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410\u003cbr\u003eDataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727\u003cbr\u003eDataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309\u003cbr\u003eDataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125\u003cbr\u003eDataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162\u003c/div\u003e\u003cdiv\u003eDataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856\u003c/div\u003e\u003cdiv\u003eDataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430\u003c/div\u003e\u003cdiv\u003eDataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023\u003c/div\u003e\u003cdiv\u003eDataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339\u003cbr\u003eDataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430\u003c/div\u003e\u003cdiv\u003eDataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183\u003c/div\u003e\u003cdiv\u003eDataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022\u003c/div\u003e\n\n\u003cbr\u003e\u003c/div\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion.\n\nThe SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver log=(file) construct allows the user to specify an arbitrary file for the JDBC driver to write its log information to.\u00a0 If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker could cause java script to be written to a log file.\u00a0 If the log file was in the correct location with the correct extension, an application server could see that log file as a resource to be served.\u00a0 The attacker could fetch the resource from the server causing the java script to be executed.\n\n\n\n\n\nThis issue affects:\n\n\n\nDataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541\n\nDataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833\n\nDataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628\n\nDataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279\n\nDataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344\n\nDataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063\n\nDataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964\n\nDataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525\n\nDataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410\nDataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727\nDataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851\n\n\nDataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198\n\nDataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957\n\nDataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587\n\nDataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669\n\nDataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364\n\nDataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776\n\nDataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458\n\nDataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316\n\nDataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309\nDataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856\n\n\nDataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189\n\nDataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125\nDataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired\n\nDataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858\n\nDataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162\n\nDataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856\n\nDataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430\n\nDataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023\n\nDataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339\nDataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430\n\nDataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183\n\nDataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022"
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T15:47:07.908Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/Progress-DataDirect-Critical-Security-Product-Alert-Bulletin-November-2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2025-10703",
"datePublished": "2025-11-19T15:47:07.908Z",
"dateReserved": "2025-09-18T19:40:28.783Z",
"dateUpdated": "2026-02-26T16:21:03.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10710 (GCVE-0-2025-10710)
Vulnerability from cvelistv5 – Published: 2025-09-19 12:32 – Updated: 2025-09-19 13:04
VLAI
Title
07FLYCMS/07FLY-CMS/07FlyCRM index.php cross site scripting
Summary
A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.324998 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.324998 | signaturepermissions-required |
| https://vuldb.com/?submit.644968 | third-party-advisory |
| https://github.com/1276486/CVE/issues/11 | exploitissue-tracking |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10710",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T13:04:30.330914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T13:04:33.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/1276486/CVE/issues/11"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "07FLYCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20250831"
}
]
},
{
"product": "07FLY-CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20250831"
}
]
},
{
"product": "07FlyCRM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20250831"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zre0x1c (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In 07FLYCMS, 07FLY-CMS and 07FlyCRM bis 20250831 wurde eine Schwachstelle gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /index.php. Mit der Manipulation des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T12:32:09.221Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-324998 | 07FLYCMS/07FLY-CMS/07FlyCRM index.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.324998"
},
{
"name": "VDB-324998 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.324998"
},
{
"name": "Submit #644968 | 07FLY Enterprise Management System S1 Basic Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.644968"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/1276486/CVE/issues/11"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-19T08:13:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "07FLYCMS/07FLY-CMS/07FlyCRM index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10710",
"datePublished": "2025-09-19T12:32:09.221Z",
"dateReserved": "2025-09-19T06:07:23.595Z",
"dateUpdated": "2025-09-19T13:04:33.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10711 (GCVE-0-2025-10711)
Vulnerability from cvelistv5 – Published: 2025-09-19 12:32 – Updated: 2025-09-19 13:03
VLAI
Title
07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting
Summary
A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.324999 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.324999 | signaturepermissions-required |
| https://vuldb.com/?submit.644969 | third-party-advisory |
| https://github.com/1276486/CVE/issues/12 | exploitissue-tracking |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10711",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T13:03:52.647848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T13:03:55.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/1276486/CVE/issues/12"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "07FLYCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20250831"
}
]
},
{
"product": "07FLY-CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20250831"
}
]
},
{
"product": "07FlyCRM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20250831"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zre0x1c (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In 07FLYCMS, 07FLY-CMS and 07FlyCRM bis 20250831 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /index.php/sysmanage/Login. Durch die Manipulation des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T12:32:11.985Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-324999 | 07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.324999"
},
{
"name": "VDB-324999 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.324999"
},
{
"name": "Submit #644969 | 07FLY Enterprise Management System S1 Basic Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.644969"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/1276486/CVE/issues/12"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-19T08:13:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10711",
"datePublished": "2025-09-19T12:32:11.985Z",
"dateReserved": "2025-09-19T06:07:26.582Z",
"dateUpdated": "2025-09-19T13:03:55.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10758 (GCVE-0-2025-10758)
Vulnerability from cvelistv5 – Published: 2025-09-21 00:02 – Updated: 2025-09-22 14:38
VLAI
Title
htmly Custom Field post cross site scripting
Summary
A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325113 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.325113 | signaturepermissions-required |
| https://vuldb.com/?submit.645806 | third-party-advisory |
| https://www.notion.so/inmog/Reported-Vulnerabilit… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10758",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T14:38:27.337868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T14:38:55.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Custom Field Handler"
],
"product": "htmly",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "inmoyang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in htmly bis 3.1.0 entdeckt. Betroffen ist eine unbekannte Funktion der Datei /htmly/admin/field/post der Komponente Custom Field Handler. Mittels dem Manipulieren des Arguments label mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-21T00:02:07.636Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325113 | htmly Custom Field post cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325113"
},
{
"name": "VDB-325113 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325113"
},
{
"name": "Submit #645806 | Htmly Htmly CMS 3.1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.645806"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/inmog/Reported-Vulnerability-XSS-Vulnerability-in-htmly-v3-1-0-2627752d1edd804fbd71f310bde44d11"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-20T08:59:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "htmly Custom Field post cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10758",
"datePublished": "2025-09-21T00:02:07.636Z",
"dateReserved": "2025-09-20T06:54:20.906Z",
"dateUpdated": "2025-09-22T14:38:55.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10794 (GCVE-0-2025-10794)
Vulnerability from cvelistv5 – Published: 2025-09-22 10:32 – Updated: 2025-09-22 12:10 X_Freeware
VLAI
Title
PHPGurukul Car Rental Project search.php cross site scripting
Summary
A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325151 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.325151 | signaturepermissions-required |
| https://vuldb.com/?submit.654067 | third-party-advisory |
| https://github.com/tddgns/cve/issues/1 | exploitissue-tracking |
| https://phpgurukul.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHPGurukul | Car Rental Project |
Affected:
3.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10794",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T11:58:49.673141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T12:10:10.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Car Rental Project",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "tddgns (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Car Rental Project 3.0 ist eine Schwachstelle entdeckt worden. Betroffen davon ist eine unbekannte Funktion der Datei /carrental/search.php. Dank Manipulation des Arguments autofocus mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T10:32:09.461Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325151 | PHPGurukul Car Rental Project search.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325151"
},
{
"name": "VDB-325151 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325151"
},
{
"name": "Submit #654067 | PHPGurukul Car Rental Project V 3.0 a cross-site scripting (XSS)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.654067"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/tddgns/cve/issues/1"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-21T11:29:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Car Rental Project search.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10794",
"datePublished": "2025-09-22T10:32:09.461Z",
"dateReserved": "2025-09-21T09:24:16.084Z",
"dateUpdated": "2025-09-22T12:10:10.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1082 (GCVE-0-2025-1082)
Vulnerability from cvelistv5 – Published: 2025-02-06 22:31 – Updated: 2025-02-07 15:59
VLAI
Title
Mindskip xzs-mysql 学之思开源考试系统 Exam Edit edit cross site scripting
Summary
A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.294858 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.294858 | signaturepermissions-required |
| https://vuldb.com/?submit.489633 | third-party-advisory |
| https://github.com/cydtseng/Vulnerability-Researc… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mindskip | xzs-mysql 学之思开源考试系统 |
Affected:
3.9.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1082",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:59:20.315532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:59:29.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Exam Edit Handler"
],
"product": "xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf",
"vendor": "Mindskip",
"versions": [
{
"status": "affected",
"version": "3.9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "vastzero (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf 3.9.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /api/admin/question/edit der Komponente Exam Edit Handler. Durch die Manipulation des Arguments title/content mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T22:31:04.845Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-294858 | Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf Exam Edit edit cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.294858"
},
{
"name": "VDB-294858 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.294858"
},
{
"name": "Submit #489633 | Mindskip xzs-mysql 3.9.0 Stored Cross Site Scripting (XSS)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.489633"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/xzs-mysql/StoredXSS-ExamEdit.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-06T15:30:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf Exam Edit edit cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1082",
"datePublished": "2025-02-06T22:31:04.845Z",
"dateReserved": "2025-02-06T14:25:48.412Z",
"dateUpdated": "2025-02-07T15:59:29.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10827 (GCVE-0-2025-10827)
Vulnerability from cvelistv5 – Published: 2025-09-23 00:32 – Updated: 2025-09-23 19:39
VLAI
Title
PHPJabbers Restaurant Menu Maker preview.php cross site scripting
Summary
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325184 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.325184 | signaturepermissions-required |
| https://vuldb.com/?submit.655884 | third-party-advisory |
| https://github.com/485961590/CVE/issues/1 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHPJabbers | Restaurant Menu Maker |
Affected:
1.0
Affected: 1.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10827",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T19:39:38.162609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T19:39:50.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Restaurant Menu Maker",
"vendor": "PHPJabbers",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nyxswl (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPJabbers Restaurant Menu Maker up to 1.1 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /preview.php. Mittels Manipulieren des Arguments theme mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T00:32:09.601Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325184 | PHPJabbers Restaurant Menu Maker preview.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325184"
},
{
"name": "VDB-325184 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325184"
},
{
"name": "Submit #655884 | PHPJABBERS Restaurant Menu Maker V1.1 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.655884"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/485961590/CVE/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-21T18:19:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPJabbers Restaurant Menu Maker preview.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10827",
"datePublished": "2025-09-23T00:32:09.601Z",
"dateReserved": "2025-09-21T16:14:24.255Z",
"dateUpdated": "2025-09-23T19:39:50.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10837 (GCVE-0-2025-10837)
Vulnerability from cvelistv5 – Published: 2025-09-23 04:02 – Updated: 2025-09-23 13:51 X_Freeware
VLAI
Title
code-projects Simple Food Ordering System order.php cross site scripting
Summary
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325194 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.325194 | signaturepermissions-required |
| https://vuldb.com/?submit.657108 | third-party-advisory |
| https://github.com/asd1238525/cve/blob/main/xss3.md | exploit |
| https://code-projects.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Simple Food Ordering System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10837",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:51:24.495187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:51:47.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Simple Food Ordering System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yunlin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used."
},
{
"lang": "de",
"value": "In code-projects Simple Food Ordering System 1.0 wurde eine Schwachstelle gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /ordersimple/order.php. Mit der Manipulation des Arguments ID mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T04:02:07.507Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325194 | code-projects Simple Food Ordering System order.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325194"
},
{
"name": "VDB-325194 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325194"
},
{
"name": "Submit #657108 | code-projects Simple Food Ordering System 1.0 Improper Neutralization of Alternate XSS Syntax",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.657108"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/asd1238525/cve/blob/main/xss3.md"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-21T21:49:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects Simple Food Ordering System order.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10837",
"datePublished": "2025-09-23T04:02:07.507Z",
"dateReserved": "2025-09-21T19:43:35.728Z",
"dateUpdated": "2025-09-23T13:51:47.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1085 (GCVE-0-2025-1085)
Vulnerability from cvelistv5 – Published: 2025-02-07 00:00 – Updated: 2025-02-07 16:01
VLAI
Title
Animati PACS login cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.294861 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.294861 | signaturepermissions-required |
| https://vuldb.com/?submit.489857 | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:42:52.016167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:01:05.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PACS",
"vendor": "Animati",
"versions": [
{
"status": "affected",
"version": "1.24.12.09.03"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "c4ng4c3ir0 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Animati PACS bis 1.24.12.09.03 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /login. Mittels Manipulieren des Arguments p mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T00:00:17.837Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-294861 | Animati PACS login cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.294861"
},
{
"name": "VDB-294861 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.294861"
},
{
"name": "Submit #489857 | Animati PACS v1.24.10.16.01~1.24.12.09.03 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.489857"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-06T15:40:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Animati PACS login cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1085",
"datePublished": "2025-02-07T00:00:17.837Z",
"dateReserved": "2025-02-06T14:35:11.873Z",
"dateUpdated": "2025-02-07T16:01:05.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1087 (GCVE-0-2025-1087)
Vulnerability from cvelistv5 – Published: 2025-05-09 11:37 – Updated: 2025-09-17 13:48
VLAI
Title
Arbitrary Code Execution in Kong Insomnia Desktop Application
Summary
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T14:15:18.409092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T14:20:05.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-09-17T13:48:50.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://tantosec.com/blog/2025/06/insomnia-api-client-template-injection/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Insomnia Desktop Application (GUI)"
],
"packageName": "insomnia-desktop",
"platforms": [
"Windows",
"Linux",
"MacOS"
],
"product": "Insomnia",
"vendor": "Kong Inc.",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "n/a",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eKong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.\n\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T11:37:49.660Z",
"orgId": "02762ae7-200e-4b20-9b2b-a77d5b8fc4cb",
"shortName": "Kong"
},
"references": [
{
"url": "https://github.com/Kong/insomnia"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary Code Execution in Kong Insomnia Desktop Application",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "02762ae7-200e-4b20-9b2b-a77d5b8fc4cb",
"assignerShortName": "Kong",
"cveId": "CVE-2025-1087",
"datePublished": "2025-05-09T11:37:49.660Z",
"dateReserved": "2025-02-06T15:18:44.822Z",
"dateUpdated": "2025-09-17T13:48:50.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Strategy: Refactoring
Description:
- Refactor your program so that you do not have to dynamically generate code.
Mitigation
Phase: Architecture and Design
Description:
- Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
- Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Phase: Testing
Description:
- Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Mitigation ID: MIT-32
Phase: Operation
Strategy: Compilation or Build Hardening
Description:
- Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation ID: MIT-32
Phase: Operation
Strategy: Environment Hardening
Description:
- Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation
Phase: Implementation
Description:
- For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
CAPEC-242: Code Injection
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.