CVE-2025-11312

7.3 HIGH

📋 TL;DR

This CVE describes a SQL injection vulnerability in Tipray Data Leakage Prevention System 1.0. Attackers can remotely exploit the findModulePage.do endpoint by manipulating the 'sort' parameter to execute arbitrary SQL commands. Organizations using this specific version of the DLP system are affected.

💻 Affected Systems

Products:
  • Tipray Data Leakage Prevention System
Versions: 1.0
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: The issue is specific to the findModulePage.do endpoint and is triggered by manipulating the sort parameter.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, and potential system takeover via SQL injection leading to remote code execution.

🟠 Likely Case

Unauthorized access to sensitive data stored in the DLP system database, including potentially protected documents and system credentials.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or limited data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily exploitable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider workarounds or system replacement.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Implement WAF rules to block SQL injection patterns targeting the findModulePage.do endpoint and sort parameter.

Network Segmentation

all

Restrict access to the DLP system to only authorized internal networks, removing internet-facing exposure.

🧯 If You Can't Patch

  • Deploy the system behind a reverse proxy with strict input validation and SQL injection filtering.
  • Implement network-level controls to limit database access from the DLP application server.

🔍 How to Verify

Check if Vulnerable:

Test the findModulePage.do endpoint with SQL injection payloads in the sort parameter (e.g., sort=1' OR '1'='1).

Check Version:

Check system documentation or web interface for version information, typically displayed in admin panels.

Verify Fix Applied:

Verify that SQL injection attempts against the sort parameter no longer succeed and that the application responds with appropriate error handling.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed login attempts or parameter manipulation in access logs

Network Indicators:

  • HTTP requests to findModulePage.do with suspicious sort parameter values containing SQL keywords

SIEM Query:

source="web_logs" AND uri="/findModulePage.do" AND param="sort" AND (value CONTAINS "' OR" OR value CONTAINS "UNION" OR value CONTAINS "SELECT")
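
The same check run offline over web access logs, as an added example (not code from the vendor or from the original advisory). Instead of matching SQL keywords, it flags any decoded sort value on findModulePage.do that is not a plain column name with an optional asc/desc; that allowlist, the combined log format and the /dlp path prefix are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate sort value is a column name, optionally followed by asc/desc.
SAFE_SORT = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*(?:[ ,]+(?:asc|desc))?", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ENDPOINT = "findModulePage.do"


def suspicious_sort_values(line):
    """Return the decoded sort values in one log line that fail the allowlist."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(ENDPOINT):
        return []
    # parse_qs percent-decodes and maps '+' to space, so encoded values are normalised.
    values = parse_qs(url.query, keep_blank_values=True).get("sort", [])
    return [v for v in values if not SAFE_SORT.fullmatch(v)]


def scan(lines):
    """Yield (line_number, client_ip, bad_values) for each flagged log line."""
    for n, line in enumerate(lines, 1):
        bad = suspicious_sort_values(line)
        if bad:
            yield n, line.split(" ", 1)[0], bad


# Constructed sample log lines (documentation IP ranges, hypothetical /dlp prefix).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] '
    '"GET /dlp/findModulePage.do?page=1&sort=name HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] '
    '"GET /dlp/findModulePage.do?sort=createTime+desc HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] '
    '"GET /dlp/findModulePage.do?sort=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 91',
    '198.51.100.7 - - [01/Jan/2025:10:01:02 +0000] '
    '"GET /dlp/index.do?sort=1%27 HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for n, ip, bad in scan(SAMPLE):
        print(f"line {n}: {ip} sort={bad!r}")
```

Access logs normally record only the query string, so sort values sent in a POST body need the same check applied at the reverse proxy or WAF.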
