exploitDog

CVE-2025-57529

Опубликовано: 03 фев. 2026

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access

Ссылки

https://github.com/songqb-xx/CPAS-bug
Exploit
Third Party Advisory
https://github.com/songqb-xx/CVE-2025-57529/blob/main/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:youdatasum:cpas_audit_management_system:*:*:*:*:*:*:*:*

Версия до 4.9 (включая)

EPSS

Процентиль: 42%

0.00555

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-g296-jp3g-x877

CVSS3: 9.8

github

5 месяцев назад

YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access

EPSS

Процентиль: 42%

0.00555

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89