CVE-2025-5384

Name of the Vulnerable Software and Affected Versions JeeWMS versions up to 20250504

Description A critical issue was found, affecting the function CgAutoListController of the file "/cgAutoListController.do?datagrid". This issue leads to sql injection and can be initiated remotely. The product uses rolling releases, so version details for affected and updated releases are not available.

Recommendations For versions up to 20250504, as a temporary workaround, consider disabling the CgAutoListController function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.