CVE-2025-13268 – Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection

CVE ID : CVE-2025-13268

Published : Nov. 17, 2025, 8:16 a.m. | 48 minutes ago

Description : A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can be launched remotely. The exploit has been published and may be used.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…