CVE-2025-14190 | Chanjet TPlus up to 20251121 currentAccId sql injection

A vulnerability identified as critical has been detected in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection.

The identification of this vulnerability is CVE-2025-14190. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

It is advisable to implement restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More