PT-2026-1108 · Daptin · Daptin

Hiro · Published 2026-01-02 · Updated 2026-01-02 · CVE-2025-15439

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Daptin version 0.10.3

Description

A flaw exists in Daptin version 0.10.3 within the Aggregate API component. Specifically, the goqu.L function in the server/resource/resource_aggregate.go file is susceptible to SQL injection. The issue arises from the manipulation of the column, group, or order arguments. This issue can be exploited remotely. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
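
With no fixed release listed, one mitigation is to validate the column, group and order arguments against an allowlist before they reach a raw-SQL builder; goqu.L inserts its text into the query as literal SQL. The following is an added example, not Daptin's code: the argument syntax (`name`, `func(name)`, `-name`), the function allowlist, `ValidateArg`, `Term` and the sample schema are all assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// identRe matches a bare identifier: no quotes, spaces, parentheses or operators.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,62}$`)

// allowedFuncs is a constructed allowlist of aggregate functions.
var allowedFuncs = map[string]bool{"count": true, "sum": true, "min": true, "max": true, "avg": true}

// Term is one validated element; only these fields should reach the query builder.
type Term struct {
	Func, Column string
	Desc         bool
}

// ValidateArg checks a comma-separated column, group or order argument against
// the table's known columns. The syntax (name, func(name), "-name") is assumed.
func ValidateArg(arg string, known map[string]bool, allowFunc, allowDesc bool) ([]Term, error) {
	var out []Term
	for _, raw := range strings.Split(arg, ",") {
		s, t := strings.TrimSpace(raw), Term{}
		if allowDesc && strings.HasPrefix(s, "-") {
			t.Desc, s = true, s[1:]
		}
		if i := strings.IndexByte(s, '('); allowFunc && i > 0 && strings.HasSuffix(s, ")") {
			t.Func, s = strings.ToLower(s[:i]), s[i+1:len(s)-1]
			if !allowedFuncs[t.Func] {
				return nil, fmt.Errorf("function %q not allowed", t.Func)
			}
		}
		star := s == "*" && t.Func == "count"
		if !star && (!identRe.MatchString(s) || !known[s]) {
			return nil, fmt.Errorf("rejected term %q", raw)
		}
		t.Column = s
		out = append(out, t)
	}
	return out, nil
}

func main() {
	known := map[string]bool{"status": true, "amount": true} // constructed schema
	fmt.Println(ValidateArg("status,sum(amount)", known, true, false))
	fmt.Println(ValidateArg("amount || 'x'", known, true, false))
}
```

The validated `Term` fields can then be passed to the query builder's identifier-quoting functions instead of being concatenated into a literal.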

Exploit

SQL injection

Special Elements Injection


Weakness Enumeration

Related identifiers

CVE-2025-15439

Affected products

Daptin