CVE-2025-9391 – Bjskzy Zhiyou ERP SQL Injection

August 24, 2025

CVE ID : CVE-2025-9391

Published : Aug. 24, 2025, 3:15 p.m. | 9 hours, 43 minutes ago

Description : A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9393 – “Linksys RE Series Stack-Based Buffer Overflow Vulnerability”

Next Article CVE-2025-9392 – Linksys Wireless Router Stack-Based Buffer Overflow Vulnerability

Microsoft donates DocumentDB to the Linux Foundation

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

Forget plug-and-play AI: Here’s what successful AI projects do differently

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

8 Best Paid and Free AI Sexting Chat Apps in 2025

Best AI Anime Art Generator: 7 Best to Use [Free & Premium]

CVE-2025-9391 – Bjskzy Zhiyou ERP SQL Injection

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Buffalo Police Detective Indicted for Attempted Purchases on Genesis Market

CVE-2025-0928 – Juju Unauthorized Agent Binary Upload Vulnerability

CVE-2025-4711 – Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE-2025-8501 – Human Resource Integrated System Cross-Site Scripting Vulnerability

CVE-2025-27720 – Pixmeo Osirix MD Unencrypted Credential Disclosure

CVE-2025-46777 – Fortinet FortiPortal Information Disclosure Vulnerability

CVE-2025-28969 – Cybio Gallery Widget SQL Injection

ReVisual-R1: An Open-Source 7B Multimodal Large Language Model (MLLMs) that Achieves Long, Accurate and Thoughtful Reasoning

Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong

CVE-2025-9391 – Bjskzy Zhiyou ERP SQL Injection

Related Posts