CVE-2025-3318

Name of the Vulnerable Software and Affected Versions Kenj Frog company-financial-management system version 1.0

Description A critical vulnerability was found in the company-financial-management system. The issue affects the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the sort argument leads to SQL injection. The attack can be launched remotely.

Recommendations For version 1.0, as a temporary workaround, consider restricting access to the ShangpinleixingController.java file until a fix is available. Avoid using the sort argument in the affected function page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.