CVE-2025-13268

Name of the Vulnerable Software and Affected Versions Dromara dataCompare versions up to 1.0.1

Description A flaw exists in Dromara dataCompare related to the JDBC URL Handler component. The issue resides within the DbConfig function of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java. Manipulation of this function can lead to injection, and the attack can be launched remotely. An exploit for this issue has been published.

Recommendations Versions prior to 1.0.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.