CVE-2025-7938

Medium CVSS: 5.3

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor

Jerryshensjf

Product

Jpacookieshop

CWE

CWE-285

Yayın Tarihi

2025-07-21 20:15:56

Güncelleme

2025-11-06 16:12:01

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-285 Jpacookieshop MEDIUM Jerryshensjf 2025

Referanslar

https://github.com/Bemcliu/cve-reports/blob/main/cve-02-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Privilege%20Escalation/readme.md https://vuldb.com/?ctiid.317075 https://vuldb.com/?id.317075 https://vuldb.com/?submit.618985

Benzer Kayıtlar

Medium

CVE-2025-8222

A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c…

Medium

CVE-2025-8223

A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f…

Medium

CVE-2025-8221

A vulnerability classified as problematic was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f61…

Medium

CVE-2025-7939

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is th…