CVE-2025-1812: zj1983 zz SuperZ.java GetUserOrg sql injection
First published: Sun Mar 02 2025(Updated: )
A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| zj1983 zz | <=2024-08 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1812?
CVE-2025-1812 is classified as a critical severity vulnerability.
How do I fix CVE-2025-1812?
Fixing CVE-2025-1812 involves updating the affected software to a version released after August 2024.
What type of vulnerability is CVE-2025-1812?
CVE-2025-1812 is categorized as an SQL injection vulnerability.
Which file is affected by CVE-2025-1812?
The affected file in CVE-2025-1812 is com/futvan/z/framework/core/SuperZ.java.
Can CVE-2025-1812 be exploited remotely?
Yes, CVE-2025-1812 can be exploited remotely due to the nature of the SQL injection vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/description
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/source
- agent/severity
- agent/tags
- agent/event
- vendor/zj1983
- canonical/zj1983 zz