CVE-2025-34038

by Fred · 24/06/2025

A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes.

Assigner : disclosure@vulncheck.com

More information : https://vulncheck.com/advisories/fanwei-ecology-sql-injection

CVE-2025-34038

Similar

Recent Posts

Categories

CVE-2025-34038

Share this:

Similar

Recent Posts

Categories

Tags