Macfy

**Name of the Vulnerable Software and Affected Versions** zj1983 zz versions up to 2024-8 **Description** A critical issue has been discovered, affecting the `GetDBUser` function in the file `src/main/java/com/futvan/z/system/zorg/ZorgAction.java`. The manipulation of the `user id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For versions up to 2024-8, as a temporary workaround, consider restricting access to the `GetDBUser` function until a patch is available. Avoid using the `user id` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.