PT-2026-22964 · Unknown · Vran-Dev Databaseir

Published

2026-03-04

Updated

2026-03-04

CVE-2025-66944

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions vran-dev databaseir versions prior to 1.0.7

Description A SQL Injection issue exists in vran-dev databaseir version 1.0.7 and earlier. This allows a remote attacker to execute arbitrary code through the query parameter in the ''/search'' API endpoint.

Recommendations Update vran-dev databaseir to a version newer than 1.0.7.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-66944

Affected Products

Vran-Dev Databaseir

PT-2026-22964 · Unknown · Vran-Dev Databaseir

CVE-2025-66944

Weakness Enumeration

Related Identifiers

Affected Products

References · 5