PT-2025-40844 · 厦门天锐科技股份有限公司 · Tipray Data Leakage Prevention System+1
Nu11
·
Publicado
2025-10-06
·
Atualizado
2025-11-03
·
CVE-2025-11317
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 version 1.0
Description
A security issue exists in the Tipray Data Leakage Prevention System. The
findRolePage function within the findSingConfigPage.do file is susceptible to SQL injection due to manipulation of the sort argument. This allows for remote exploitation. An exploit for this issue is publicly available. The vendor was notified but did not respond.Recommendations
Apply a fix for the vulnerability in version 1.0.
Exploit
Correção
Special Elements Injection
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Tipray Data Leakage Prevention System
天锐数据泄露防护系统