CVE-2025-0942

Name of the Vulnerable Software and Affected Versions Jalios JPlatform versions prior to 10.0.6

Description The DB chooser functionality in Jalios JPlatform improperly neutralizes special elements used in an SQL command, allowing authenticated administrative users to trigger SQL Injection. A patch was released on 2023-02-06.

Recommendations For versions prior to 10.0.6, update to version 10.0.6 or apply the PatchPlugin release issued on 2023-02-06 to resolve the issue. As a temporary workaround, consider restricting access to the DB chooser functionality to minimize the risk of exploitation.