CVE-2025-14780

Published December 16th, 2025

View on NVD ↗

CVSS v3

6.3

MEDIUM

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dish_trade_detail_get. The manipulation of the argument filter results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

zhangbuneng/3

Hangzhou Xiongwei Technology Development Co., Ltd. - The DishTrade/dish_trade_detail_get interface in the Smart Catering Cloud Platform is vulnerable to SQL injection

GitHub