Myclub · Myclub · CVE-2025-57423
**Name of the Vulnerable Software and Affected Versions**
MyClub version 0.5
**Description**
A SQL injection issue exists in MyClub version 0.5. Insufficient input sanitisation in the `/articles` API endpoint allows an unauthenticated remote attacker to inject arbitrary SQL commands via a crafted GET request. The vulnerable query parameters include `Content`, `GroupName`, `PersonName`, `lastUpdate`, `pool`, and `title`. Successful exploitation could lead to information disclosure or database manipulation.
**Recommendations**
Apply input sanitisation to all query parameters of the `/articles` endpoint.