CVE-2025-1116

Name of the Vulnerable Software and Affected Versions Dreamvention Live AJAX Search Free versions 1.0.0 through 1.0.6

Description A critical issue has been found in the function searchresults/search of the file /?route=extension/live search/module/live search.searchresults. The manipulation of the argument keyword leads to SQL injection. The attack may be launched remotely.

Recommendations For Dreamvention Live AJAX Search Free versions 1.0.0 through 1.0.6, as a temporary workaround, consider restricting access to the searchresults/search function until a patch is available. Additionally, avoid using the keyword argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.