CVE-2025-11309 – Tipray Data Leakage Prevention System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Tipray Data Leakage Prevention System version 1.0. The issue arises in the 'doFilter' function of the 'findDeptPage.do' file, where manipulation of the 'sort' parameter allows for SQL injection. This vulnerability can be exploited remotely, and an exploit is publicly available.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to the database. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to 'findDeptPage.do' with a crafted 'sort' parameter that exploits the application's SQL query handling. The injection can be verified by observing a delay in the response, indicating successful exploitation.

Added: Oct 5, 2025, 11:18 PM

Updated: Oct 5, 2025, 11:18 PM

Affected Products

No known affected products were detected.

CVSS Scores

volerion

8.8

CVSS 4.0

8.8

High

volerion

9.1

CVSS 3.1

9.1

Critical

nvd@nist.gov

9.8

CVSS 3.1

9.8

Critical

Vendor

5.5

CVSS 4.0

5.5

Medium

Vendor

7.3

CVSS 3.1

7.3

High

Click a row to open the calculator.

References

https://github.com/FightingLzn9/vul/blob/main/%E5%A4%A9%E9%94%90%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E9%98%B2%E6%8A%A4%E7%B3%BB%E7%BB%9F-1.md

ExploitTechnical Analysis

https://github.com/FightingLzn9/vul/blob/main/%E5%A4%A9%E9%94%90%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E9%98%B2%E6%8A%A4%E7%B3%BB%E7%BB%9F-1.md#sql-injection-vulnerability

https://vuldb.com/?ctiid.327190

AdvisoryPermission Required

https://vuldb.com/?id.327190

AdvisoryExploitPartial Content

Showing 1-4 of 5 references

Tipray Data Leakage Prevention System SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating