CVE-2025-5388
Critical SQL injection vulnerability found in JeeWMS
Overview
A vulnerability classified as critical was discovered in JeeWMS. This flaw lies in the function dogenerate of the file /generateController.do?dogenerate and allows for SQL Injection. The attack can be launched remotely.
Technical Details
The dogenerate function, reached through /generateController.do?dogenerate, is susceptible to SQL Injection and can be exploited remotely. Version details for affected releases are unavailable because the product uses a rolling release cycle.
CVSS Metrics
- Base Score: 6.3
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: LOW
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: LOW
Impact
This vulnerability can allow an attacker to execute arbitrary SQL commands, possibly leading to a data breach or unauthorized modifications.
Recommendations
Users are advised to check for updates frequently due to the rolling release cycle of the software. Also, input validation should be implemented to mitigate SQL Injection attacks.
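As an added example (not JeeWMS code), the input validation recommended above can be applied in front of the application as a request pre-filter for the endpoint named in this advisory. Only the path and the dogenerate key come from this page; the parameter names, context path, sample values and the allow-list pattern are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/generateController.do"  # path named in the advisory
ACTION = "dogenerate"                # action key named in the advisory
# Assumption: legitimate values are short identifier- or path-like strings.
# Anything else (quotes, parentheses, comment markers, '%' left over from
# double encoding) is refused. Tune against real traffic before enforcing.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_./ -]{0,128}")


def check_request(url, form_body=""):
    """Return (allowed, offending_parameter_names) for one request."""
    parts = urlsplit(url)
    path = parts.path.split(";", 1)[0]  # drop ;jsessionid=... path parameters
    if not path.endswith(ENDPOINT):
        return True, []
    # parse_qsl percent-decodes exactly once; a double-encoded value still
    # contains '%' afterwards and fails the allow-list.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(form_body, keep_blank_values=True)
    if ACTION not in (name for name, _ in params):
        return True, []  # a different action on the same controller
    bad = sorted({n for n, v in params if not SAFE_VALUE.fullmatch(v)})
    return not bad, bad


# Constructed sample requests; context path and parameter names are hypothetical.
SAMPLES = [
    ("/jeewms/generateController.do?dogenerate", "tableName=wm_in_order&entityName=InOrder"),
    ("/jeewms/generateController.do;jsessionid=A1?dogenerate", "tableName=wm_in_order'--"),
    ("/jeewms/generateController.do?dogenerate&tableName=wm%2527x", ""),
    ("/jeewms/generateController.do?goList", "tableName=it's+fine"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        allowed, bad = check_request(url, body)
        print("ALLOW" if allowed else "DENY ", url, bad)
```

A filter like this narrows what reaches the handler while no fixed release can be pinned; it does not replace correcting how the application builds its queries.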
Threat Metrics
- cvss_score: 6.3
- severity: MEDIUM
- attack_vector: NETWORK
- attack_complexity: LOW