CVE-2025-6766

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: sfturing hosp order versions up to 627f426331da8086ce8fff2017d65b1ddef384f8

Description: A critical issue was found in the getOfficeName function of the OfficeServiceImpl.java file, which is vulnerable to SQL injection through the manipulation of the officesName argument. This issue can be exploited remotely.

Recommendations: For versions up to 627f426331da8086ce8fff2017d65b1ddef384f8, as a temporary workaround, consider restricting the use of the getOfficeName function until a fix is available. Additionally, avoid using the officesName argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-6766

Affected Products

Sfturing Hosp Order

CVE-2025-6766

Weakness Enumeration

Related Identifiers

Affected Products

References · 8