PT-2025-49403 · Chanjet · Chanjet Tplus

Routing_Love

Publicado

2025-12-07

Atualizado

2025-12-11

CVE-2025-14190

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Chanjet TPlus versions prior to 20251121

Description A flaw exists in Chanjet TPlus that allows for SQL injection. The issue is related to the manipulation of the currentAccId argument within the file '/tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load'. This manipulation occurs through the /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController API endpoint. The attack can be initiated remotely. The exploit has been published.

Recommendations Update Chanjet TPlus to a version later than 20251121.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-14190

Produtos afetados

Chanjet Tplus

PT-2025-49403 · Chanjet · Chanjet Tplus

CVE-2025-14190

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11