PT-2025-21984 · David F. Carr · Rsvpmaker
Astra.R3Verii
·
Publicado
2025-05-19
·
Atualizado
2025-05-19
·
CVE-2025-48278
CVSS v3.1
8.5
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L |
Name of the Vulnerable Software and Affected Versions:
davidfcarr RSVPMarker versions n/a through 11.5.6
Description:
The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks, potentially leading to system breaches.
Recommendations:
For versions n/a through 11.5.6, update to a version later than 11.5.6 to resolve the SQL Injection issue.
As a temporary workaround, consider restricting access to SQL commands to minimize the risk of exploitation.
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Rsvpmaker