PT-2025-43154 · Alexander · Anycomment
Rooting
·
Publicado
2025-10-22
·
Atualizado
2025-11-19
·
CVE-2025-48091
CVSS v3.1
8.5
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Alexander AnyComment versions through 0.3.6
Description
A flaw exists in Alexander AnyComment that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command. This could allow an attacker to manipulate database queries.
Recommendations
Update Alexander AnyComment to a version newer than 0.3.6.
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Anycomment