PT-2025-42476 · Unknown · Ultimate Php Board

Published

2025-10-16

Updated

2025-10-16

CVE-2025-61540

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Ultimate PHP Board version 2.2.7

Description A SQL injection issue exists in Ultimate PHP Board version 2.2.7. The issue is located in the lostpassword.php file, specifically through the username field. Successful exploitation could allow an attacker to inject malicious SQL code. The username parameter is vulnerable.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the username input in the lostpassword.php file to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-61540

Affected Products

Ultimate Php Board

PT-2025-42476 · Unknown · Ultimate Php Board

CVE-2025-61540

Weakness Enumeration

Related Identifiers

Affected Products

References · 8