CVE-2025-59473

Name of the Vulnerable Software and Affected Versions Structure for Admin (affected versions not specified)

Description A SQL Injection issue exists in the Structure for Admin authenticated user. The issue allows an attacker with admin access to enumerate or manipulate database records. This is due to missing parameterization and input validation, resulting in user input being included in SQL queries without proper sanitization. The vulnerability was discovered during testing of an admin dashboard, where SQL payloads injected into a parameter caused database error responses, enabling the extraction of sensitive information such as user emails and settings. The vulnerable parameter is not explicitly specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.