CVE-2025-5386
SQL injection vulnerability in JeeWMS, Medium Severity
Overview
A SQL injection vulnerability, rated Medium (CVSS base score 6.3), was found in JeeWMS up to build 20250504. It affects the function transEditor of the file /cgformTransController.do?transEditor, can be triggered remotely by an authenticated user with low privileges, and may compromise the confidentiality and integrity of data held in the application's database.
Technical Details
The flaw lies in the transEditor handler of /cgformTransController.do?transEditor: request data reaches a database query without proper handling, so an attacker can alter the structure of the SQL statement rather than only its values. JeeWMS does not publish versioned releases; the affected build is identified only by its date stamp (20250504), and no fixed build is identified here.
CVSS Metrics
- Attack vector: Network
- Attack complexity: Low
- Privileges required: Low
- User interaction: None
- Scope: Unchanged
- Confidentiality, integrity and availability impact: Low
- Base score: 6.3, base severity: Medium (vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Impact
Exploitation requires only low privileges and no user interaction, so any authenticated user who can reach the endpoint can inject SQL into the query built by transEditor. Depending on the rights of the database account the application uses, the attacker may read data outside their authorization, alter database records, or run other SQL statements; the CVSS assessment rates the impact on confidentiality, integrity and availability as Low.
Recommendations
The root cause is a query assembled from untrusted input, so the durable fix is to use parameterized queries (prepared statements) for every statement transEditor issues rather than relying on input filtering alone. Until a fixed build is available, restrict access to /cgformTransController.do to the users who need it, run the application with a database account limited to the tables and operations it requires, and deploy a Web Application Firewall as defense in depth; a WAF blocks known injection patterns but does not remove the underlying flaw.
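The defect class named in the Technical Details and the parameterized-query fix recommended above, shown side by side as an added example. This is not JeeWMS code: the vulnerable transEditor source is not reproduced on this page, so the table name, column names, the two-parameter lookup and the sample rows below are assumptions standing in for it, and the payload is the textbook `' OR 1=1 --` string, not a reported exploit of JeeWMS.

```python
"""Vulnerable string-built query versus a parameterized one (sqlite3, in memory).

Added illustration only. The table cgform_trans, its columns and the
(trans_id, owner) lookup are assumptions; the real transEditor code is not
shown on the advisory page.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three records owned by two different users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cgform_trans (id TEXT PRIMARY KEY, owner TEXT, sql_text TEXT)"
    )
    conn.executemany(
        "INSERT INTO cgform_trans VALUES (?, ?, ?)",
        [
            ("t1", "alice", "SELECT 1"),
            ("t2", "bob", "SELECT 2"),
            ("t3", "bob", "SELECT 3"),
        ],
    )
    return conn


def trans_editor_vulnerable(conn: sqlite3.Connection, trans_id: str, owner: str) -> list:
    """The defect class: request data is concatenated into the SQL text.

    The owner check is meant to confine a low-privileged user to their own
    records; injected text can rewrite the WHERE clause and remove it.
    """
    query = (
        "SELECT id, sql_text FROM cgform_trans "
        f"WHERE id = '{trans_id}' AND owner = '{owner}'"
    )
    return conn.execute(query).fetchall()


def trans_editor_fixed(conn: sqlite3.Connection, trans_id: str, owner: str) -> list:
    """The fix: bound parameters, so the input is only ever compared as data."""
    query = "SELECT id, sql_text FROM cgform_trans WHERE id = ? AND owner = ?"
    return conn.execute(query, (trans_id, owner)).fetchall()


def demonstrate() -> dict:
    """Run both variants with a benign id and with an injected id."""
    conn = make_db()
    # Textbook payload: closes the quoted literal, adds an always-true
    # condition, and comments out the rest of the statement (the owner check).
    payload = "' OR 1=1 --"
    return {
        "vulnerable_benign": trans_editor_vulnerable(conn, "t1", "alice"),
        "vulnerable_injected": trans_editor_vulnerable(conn, payload, "alice"),
        "fixed_benign": trans_editor_fixed(conn, "t1", "alice"),
        "fixed_injected": trans_editor_fixed(conn, payload, "alice"),
    }


if __name__ == "__main__":
    for name, rows in demonstrate().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

With the injected id the concatenating variant returns every row in the table, including the records owned by `bob`, because the `--` comment strips the `owner = 'alice'` check from the statement; the parameterized variant compares the whole payload against the `id` column as a literal string and returns nothing. Stacked statements (`'; DELETE ...`) follow the same path in database drivers that allow them, which is why the integrity impact is real even though this example only shows the confidentiality side.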
Threat Metrics
- CVSS score: 6.3
- Severity: Medium
- Attack vector: Network
- Attack complexity: Low