zj1983 zz SQL Injection Vulnerability in SuperZ.java
Vulnerability
A critical SQL injection vulnerability has been identified in zj1983 zz versions through 2024-08. The flaw is in the GetUserOrg function in SuperZ.java, where the userId parameter is not handled safely before it reaches the database query, so attacker-controlled input is interpreted as SQL. The vulnerability can be exploited remotely, without local access.
Impact
Exploitation allows an attacker to alter the database queries the application issues. Depending on the database account's privileges, this can lead to unauthorized reading of data, modification of data, or in some cases execution of administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a GET request to the 'getUserOrgForUserId' endpoint with a userId parameter carrying a SQL injection payload. The request can be issued from a remote host. Successful injection is verified by comparing the response to a crafted value against the response to a benign userId: a vulnerable instance returns database contents or application data that the lookup should not expose, or otherwise behaves differently when the payload changes the query.
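The lookup described in the Vulnerability and Reproduction sections follows a well-known pattern: a user identifier from the request is spliced into the SQL text, so a single quote in userId ends the literal and the remainder is parsed as SQL. The following added example illustrates that pattern and its fix in Python with sqlite3; it is not code from zj1983 zz or SuperZ.java, and the table layout, column names and payload are constructed for the demonstration. The vulnerable function stands in for the concatenation-style query, and the second version shows the parameterized form that removes the issue.

```python
"""Illustration of the SQL injection pattern described above.

Added example, not code from zj1983 zz or SuperZ.java. It models an org
lookup keyed by userId with sqlite3: first assembled by string concatenation
(the vulnerable pattern), then with a bound parameter (the fix). Tables,
columns, rows and the payload are constructed for this demo.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a user/org mapping plus a table that the
    org lookup should never be able to read from."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE user_org (user_id TEXT, org_name TEXT);
        INSERT INTO user_org VALUES ('u100', 'Finance'), ('u200', 'Sales');
        CREATE TABLE app_user (user_id TEXT, password_hash TEXT);
        INSERT INTO app_user VALUES ('u100', 'h$finance$1'), ('u200', 'h$sales$2');
        """
    )
    return conn


def get_user_org_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    # Vulnerable: the request parameter is spliced straight into the SQL text,
    # so a quote in user_id closes the literal and the rest is parsed as SQL.
    sql = "SELECT org_name FROM user_org WHERE user_id = '" + user_id + "'"
    return [row[0] for row in conn.execute(sql)]


def get_user_org_safe(conn: sqlite3.Connection, user_id: str) -> list:
    # Hardened: the value is bound as a parameter and never parsed as SQL,
    # so the same payload is just an identifier that matches nothing.
    sql = "SELECT org_name FROM user_org WHERE user_id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


# Constructed payload of the kind a GET request's userId parameter could carry:
# it closes the string literal, UNIONs in a column from another table, and
# comments out the trailing quote the application appends.
PAYLOAD = "x' UNION SELECT password_hash FROM app_user -- "


def demo() -> tuple:
    """Run the benign lookup, the vulnerable lookup with the payload, and
    the parameterized lookup with the same payload."""
    conn = make_db()
    normal = get_user_org_vulnerable(conn, "u100")
    leaked = get_user_org_vulnerable(conn, PAYLOAD)
    safe = get_user_org_safe(conn, PAYLOAD)
    return normal, leaked, safe


if __name__ == "__main__":
    normal, leaked, safe = demo()
    print("benign lookup:", normal)
    print("vulnerable lookup with payload:", leaked)
    print("parameterized lookup with payload:", safe)
```

The verification step mirrors the Reproduction section: the benign identifier returns one org name, the crafted value returns rows from a table the endpoint should never expose, and the parameterized query returns nothing for the same crafted value. In a Java code base the equivalent fix is a PreparedStatement with the userId bound via a setter rather than concatenated into the query string.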
