How severe is CVE-2025-3318?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2025-3318?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2025-3318 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

A vulnerability classified as critical was found in Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Related Vulnerabilities

CVE-2016-2980

MEDIUM

CVSS:6.3(Medium)

The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-For...

CWE-742016

CVE-2017-18389

MEDIUM

CVSS:6.3(Medium)

cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).

CWE-742017

CVE-2017-20196

MEDIUM

CVSS:6.3(Medium)

A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argume...

CWE-742017

CVE-2018-25106

MEDIUM

CVSS:6.3(Medium)

A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy...

CWE-742018

CVE-2019-10792

MEDIUM

CVSS:6.3(Medium)

bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-742019

CVE-2019-10793

MEDIUM

CVSS:6.3(Medium)

dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-742019