CVE-2025-5493

Name of the Vulnerable Software and Affected Versions Baison Channel Middleware Product version 2.0.1

Description A critical issue was found in the Baison Channel Middleware Product, affecting an unknown functionality of the file "/e3api/api/main/ToJsonByControlName". The manipulation of the data argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For version 2.0.1, consider restricting access to the "/e3api/api/main/ToJsonByControlName" API endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the data argument in this endpoint until a patch is available.