CVE-2025-40628

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: DomainsPRO version 1.2

Description: The issue is an SQL injection vulnerability that could allow an attacker to retrieve, create, update, and delete databases. This is achieved via the d parameter in the "/article.php" endpoint.

Recommendations: For DomainsPRO version 1.2, consider disabling access to the "/article.php" endpoint until a patch is available. Restrict the use of the d parameter to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-40628

Affected Products

Domainspro

CVE-2025-40628

Weakness Enumeration

Related Identifiers

Affected Products

References · 6