PT-2025-3863 · Guangzhou Huayi Intelligent Technology · Jeewms
Rabbit · Published 2025-01-11 · Updated 2025-01-11 · CVE-2025-0392
CVSS v3.1: 8.8 (High) · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Guangzhou Huayi Intelligent Technology Jeewms, all versions up to and including 20241229
Description: A SQL injection vulnerability was found in the function datagridGraph of the file /graphReportController.do. The value supplied in the store code argument is used to build an SQL query without proper neutralization, so a crafted value changes the logic of the query that runs against the database. The attack can be launched remotely by a user holding low privileges (PR:L in the vector) and needs no user interaction. The exploit has been disclosed to the public and may be used.
Recommendations: For Guangzhou Huayi Intelligent Technology Jeewms versions up to 20241229, upgrade to version 20250101, which addresses this issue. Until the upgrade is applied, restrict network access to /graphReportController.do (for example to trusted internal addresses only) or disable the datagridGraph function, and treat any request that carries the store code argument to this endpoint as untrusted input to be filtered or logged at the gateway.
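The bug class the description refers to, as an added illustration that is not Jeewms code: a report query whose store-code filter is spliced into the SQL text by string concatenation, beside the parameterized version. The table names, column names and payloads are constructed for the example; the real query in datagridGraph is not shown on this page.

```python
"""Added illustration of the CVE-2025-0392 bug class: a report query whose
store-code filter is built by string concatenation, next to the parameterized
form. Constructed example, not Jeewms code; table and column names are
assumptions made for the demonstration."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE store_stock (store_code TEXT, item TEXT, qty INTEGER);
        INSERT INTO store_stock VALUES ('S001', 'pallet', 40), ('S002', 'crate', 7);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', 'e99a18c428cb38d5f260853678922e03');
        """
    )
    return conn


def datagrid_graph_vulnerable(conn: sqlite3.Connection, store_code: str) -> list:
    """Vulnerable pattern: the user-controlled value becomes part of the SQL text."""
    sql = ("SELECT item, qty FROM store_stock WHERE store_code = '"
           + store_code + "'")
    return conn.execute(sql).fetchall()


def datagrid_graph_safe(conn: sqlite3.Connection, store_code: str) -> list:
    """Hardened pattern: the driver binds the value, so it can never be parsed as SQL."""
    sql = "SELECT item, qty FROM store_stock WHERE store_code = ?"
    return conn.execute(sql, (store_code,)).fetchall()


# Constructed payloads: a tautology that returns every store's rows, and a
# UNION that pulls credentials from an unrelated table through the report.
TAUTOLOGY = "S001' OR '1'='1"
UNION_DUMP = "X' UNION SELECT username, password_hash FROM users --"


def demo() -> dict:
    """Run both payloads through both implementations and collect the results."""
    conn = make_db()
    return {
        "vuln_tautology": datagrid_graph_vulnerable(conn, TAUTOLOGY),
        "vuln_union": datagrid_graph_vulnerable(conn, UNION_DUMP),
        "safe_tautology": datagrid_graph_safe(conn, TAUTOLOGY),
        "safe_union": datagrid_graph_safe(conn, UNION_DUMP),
        "safe_normal": datagrid_graph_safe(conn, "S001"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable function returns every stock row for the tautology and the contents of the users table for the UNION payload; the parameterized function returns nothing for either, because the whole string is compared as a literal store code.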
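One way to operate the temporary workaround, as an added example that is not vendor code: audit access-log lines for requests reaching datagridGraph on /graphReportController.do, flag sources outside an allowed network range, and flag parameter values that carry SQL metacharacters. The log lines are constructed, and the query-parameter name storeCode is an assumption (the advisory only calls it the store code argument).

```python
"""Added example for the workaround: audit requests to
/graphReportController.do while the upgrade is pending. The log lines are
constructed and the parameter name storeCode is assumed; not Jeewms code."""
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines in common log format (not real traffic).
SAMPLE_LOG = """\
10.0.5.21 - - [10/Jan/2025:09:14:02 +0000] "GET /graphReportController.do?datagridGraph&storeCode=S001 HTTP/1.1" 200 812
203.0.113.7 - - [10/Jan/2025:09:14:09 +0000] "GET /graphReportController.do?datagridGraph&storeCode=S001%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120
203.0.113.7 - - [10/Jan/2025:09:14:15 +0000] "POST /graphReportController.do?datagridGraph HTTP/1.1" 200 410
10.0.5.21 - - [10/Jan/2025:09:15:00 +0000] "GET /loginController.do?login HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d+)'
)
# Quote characters, comment openers and SQL keywords have no place in a store code.
SQLI_RE = re.compile(r"['\";]|--|/\*|\b(union|select|or|and)\b", re.IGNORECASE)
AFFECTED_PATH = "/graphReportController.do"
AFFECTED_FUNCTION = "datagridGraph"
# Assumed: only the internal warehouse network may reach the report endpoint
# for the duration of the workaround.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_line(line: str):
    """Split one log line into source IP, method, path and decoded query parameters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    params = dict(parse_qsl(url.query, keep_blank_values=True))
    return {"ip": m.group("ip"), "method": m.group("method"),
            "path": url.path, "params": params}


def hits_affected_function(req: dict) -> bool:
    """True when the request targets datagridGraph on the vulnerable controller."""
    return req["path"] == AFFECTED_PATH and AFFECTED_FUNCTION in req["params"]


def source_allowed(ip: str) -> bool:
    """True when the client address lies inside one of the allowed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETWORKS)


def suspicious_params(req: dict) -> list:
    """Names of query parameters whose decoded value contains SQL metacharacters."""
    return [k for k, v in req["params"].items() if SQLI_RE.search(v)]


def scan(log_text: str) -> list:
    """Return (ip, reason) findings for every request to the vulnerable function."""
    findings = []
    for line in log_text.splitlines():
        req = parse_line(line)
        if not req or not hits_affected_function(req):
            continue
        if not source_allowed(req["ip"]):
            findings.append((req["ip"], "source outside allowed networks"))
        for name in suspicious_params(req):
            findings.append((req["ip"], f"SQL metacharacters in parameter {name}"))
    return findings


if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

Requests to other controllers are ignored, the internal client with a plain store code produces no finding, and the external client is flagged once for its source address on each request plus once for the quote-bearing store code. The same predicate pair (path plus function, then source allow-list) is what a gateway rule would enforce to restrict the endpoint rather than merely log it.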

Exploit: publicly disclosed
Fix: available (version 20250101)
Weakness Enumeration: Special Elements Injection; SQL injection
Related Identifiers: CVE-2025-0392
Affected Products: Jeewms