CVE-2025-63694

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DzzOffice versions prior to 2.3.8

Description DzzOffice versions 2.3.7 and before have a SQL Injection issue in the 'explorer/groupmanage' component. The issue allows for potential manipulation of database queries through the 'explorer/groupmanage' functionality. The vulnerable parameter is not specified.

Recommendations Update to version 2.3.8 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-63694

Affected Products

Dzzoffice

CVE-2025-63694

Weakness Enumeration

Related Identifiers

Affected Products

References · 5