PT-2025-42723 · Unknown · Givanz Vvveb

Huu1J

Published

2025-10-19

Updated

2025-10-19

CVE-2025-11944

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions givanz Vvveb versions up to 1.0.7.3

Description A flaw exists in givanz Vvveb that allows for SQL injection. This issue is related to the Import function within the admin/controller/tools/import.php file of the Raw SQL Handler component. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations Apply patch 52204b4a106b2fb02d16eee06a88a1f2697f9b35 to resolve this issue.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-11944

Affected Products

Givanz Vvveb

PT-2025-42723 · Unknown · Givanz Vvveb

CVE-2025-11944

Weakness Enumeration

Related Identifiers

Affected Products

References · 13