CVE-2025-15439 | Daptin 0.10.3 Aggregate API resource_aggregate.go goqu.L column/group/order sql injection

Uncategorized
Yanac

A vulnerability identified as critical has been detected in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection.

This vulnerability is listed as CVE-2025-15439. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More