1Mar
CVE-2025-1832 | zj1983 zz up to 2024-8 ZroleAction.java getUserList roleid sql injection
A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the functiongetUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection.
This vulnerability is known as CVE-2025-1832. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
