Tduckcloud Tduck-Platform vulnerabilities
5 known vulnerabilities affecting tduckcloud/tduck-platform.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2025-7888 | P2 | CRITICAL | CVSS 9.8 | CWE-74 | v5.1 | 2025-07-20
A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed t
nvd
CVE-2025-8756 | P2 | HIGH | CVSS 8.8 | CWE-266 | ≤ 5.1 | v5.0 +1 more | 2025-08-09
A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit h
nvd
CVE-2025-0558 | P3 | CRITICAL | CVSS 9.8 | CWE-74 | ≤ 4.0 | v4.0 | 2025-01-18
A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to sql injection. The attack can be initiated remotely. The exploit has bee
nvd
CVE-2023-51805 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | v4.0 | 2024-01-13
SQL injection vulnerability in TDuckCloud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of the FormDataMysqlService.java file.
nvd
CVE-2023-37733 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v4.0 | 2023-07-19
An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file.
nvd