CVE-2025-12865

Name of the Vulnerable Software and Affected Versions U-Office Force (affected versions not specified)

Description U-Office Force developed by e-Excellence is subject to a SQL Injection issue. This allows an authenticated remote attacker to inject arbitrary SQL commands, potentially leading to unauthorized access, modification, or deletion of database contents. SQL Injection occurs when malicious SQL code is inserted through inadequately sanitized input fields or parameters. Exploitation requires some level of existing system access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.