CVE-2025-7888: SQL Injection in TDuckCloud tduck-platform
A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7888: SQL Injection in TDuckCloud tduck-platform
Description
A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-07-19T10:43:15.866Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 687cde05a83201eaac025eb8
Added to database: 7/20/2025, 12:16:05 PM
Last updated: 7/20/2025, 12:16:05 PM
Views: 1
Related Threats
CVE-2025-7886: SQL Injection in pmTicket Project-Management-Software
MediumCVE-2025-7887: Cross Site Scripting in Zavy86 WikiDocs
MediumCVE-2025-7885: Cross Site Scripting in Huashengdun WebSSH
MediumCVE-2025-7884: Insufficient Verification of Data Authenticity in Eluktronics Control Center
MediumCVE-2025-7883: Command Injection in Eluktronics Control Center
HighActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.