CVE-2025-0942 HIGH

CVE-2025-0942: Jalios JPlatform 10 SP6 < 10.0.6 Record Chooser SQL Injection

Vendor Jalios

Product JPlatform

Weakness CWE-89 · SQLi

Published April 7, 2025

Last update November 19, 2025

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command allows for unauthenticated users to trigger SQL Injection. This issue affects JPlatform before 10.0.6 and a PatchPlugin release 10.0.6 was issued 2023-02-06.

Key dates

02Disclosure timeline

April 7, 2025 CVE published

November 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-0942 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2024-10947 Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System BatchOrder sql injection CVE-2025-1158 ESAFENET CDG addPolicyToSafetyGroup.jsp sql injection CVE-2025-4491 Campcodes Online Food Ordering System ticket-status.php sql injection CVE-2026-27373 WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability CVE-2025-4263 PHPGurukul Online DJ Booking Management System booking-search.php sql injection