CVE-2025-13268

CVSS v2.0

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Dromara dataCompare versions up to 1.0.1

Description A flaw exists in Dromara dataCompare related to the JDBC URL Handler component. The issue resides within the

DbConfig

function of the file

src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java

. Manipulation of this function can lead to injection, and the attack can be launched remotely. An exploit for this issue has been published.

Recommendations Versions prior to 1.0.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Neutralization

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-707CWE-74

Related Identifiers

CVE-2025-13268

Affected Products

Dromara Datacompare

CVE-2025-13268

Weakness Enumeration

Related Identifiers

Affected Products

References · 7