{"id":66646,"date":"2025-07-20T16:31:43","date_gmt":"2025-07-20T13:01:43","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-7888-tduckcloud-tduck-platform-sql-injection-vulnerability\/"},"modified":"2025-07-20T16:31:43","modified_gmt":"2025-07-20T13:01:43","slug":"cve-2025-7888-tduckcloud-tduck-platform-sql-injection-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-7888-tduckcloud-tduck-platform-sql-injection-vulnerability\/","title":{"rendered":"CVE-2025-7888 &#8211; TDuckCloud tduck-platform SQL Injection Vulnerability"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-7888<br \/>\n<br \/>\n<strong>Published : <\/strong> July 20, 2025, 12:15 p.m. | 36\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src\/main\/java\/com\/tduck\/cloud\/form\/mapper\/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 6.3 | MEDIUM<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-7888 Published : July 20, 2025, 12:15 p.m. | 36\u00a0minutes ago Description : A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src\/main\/java\/com\/tduck\/cloud\/form\/mapper\/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection. The attack may be initiated remotely. The &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-66646","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/66646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=66646"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/66646\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=66646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=66646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=66646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}