PT-2025-40844 · 厦门天锐科技股份有限公司 · Tipray Data Leakage Prevention System+1
Nu11
·
Published
2025-10-06
·
Updated
2025-11-03
·
CVE-2025-11317
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 version 1.0
Description
A security issue exists in the Tipray Data Leakage Prevention System. The
findRolePage function within the findSingConfigPage.do file is susceptible to SQL injection due to manipulation of the sort argument. This allows for remote exploitation. An exploit for this issue is publicly available. The vendor was notified but did not respond.Recommendations
Apply a fix for the vulnerability in version 1.0.
Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tipray Data Leakage Prevention System
天锐数据泄露防护系统