CVE-2025-14780

Xiongwei Smart Catering Cloud Platform dish_trade_detail_get sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74 CWE-89

A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dish_trade_detail_get. The manipulation of the argument filter results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

Xiongwei · Smart Catering Cloud Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/zhangbuneng/3/issues/1 https://vuldb.com/?ctiid.336607 https://vuldb.com/?id.336607 https://vuldb.com/?submit.674051