CVE-2025-28967

Name of the Vulnerable Software and Affected Versions: Contact Us page - Contact people LITE versions 3.7.4 and earlier

Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially enabling unauthorized access or manipulation of data.

Recommendations: For versions 3.7.4 and earlier, update to a version that includes a fix for this issue, if available. As a temporary workaround, consider restricting access to the SQL database or implementing additional validation and sanitization for user input to minimize the risk of exploitation.