CVE-2025-11316

Name of the Vulnerable Software and Affected Versions Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 version 1.0

Description A flaw exists in the software that allows for remote execution of SQL injection attacks. The issue is related to the findCategoryPage function within the findCategoryPage.do file. Manipulation of the tenantId argument can trigger the flaw. The exploit for this issue has been publicly disclosed, and the vendor was notified but did not respond.

Recommendations Apply a fix for version 1.0 to address the SQL injection vulnerability in the findCategoryPage function.