Winsure · Winsure · CVE-2025-10610
**Name of the Vulnerable Software and Affected Versions**
Winsure versions through August 21, 2025
**Description**
A flaw exists in Winsure that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This could allow an attacker to execute arbitrary SQL code within the database backend, potentially leading to full database exfiltration without authentication.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.