CVE-2025-5386 MEDIUM

CVE-2025-5386: JeeWMS cgformTransController.do transEditor sql injection

Vendor N/A

Product JeeWMS

Weakness CWE-89 · SQLi

Published May 31, 2025

Last update June 2, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Key dates

02Disclosure timeline

May 31, 2025 CVE published

June 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-5386 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2019-25486 Varient 1.6.1 SQL Injection via user_id Parameter CVE-2026-9383 itsourcecode Electronic Judging System login.php sql injection CVE-2025-31619 WordPress Actionwear products sync plugin <= 2.3.3 - SQL Injection vulnerability CVE-2024-11009 Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) <= 1.2.1 - Authenticated (Administrator+) SQL Injection via post_id Parameter CVE-2025-3690 PHPGurukul Men Salon Management System edit-services.php sql injection