CVE-2025-10115 | SiempreCMS up to 1.3.6 user_search_ajax.php name/userName sql injection

Inserito da Angelo Barbosa | Set 8, 2025 | CVE

A vulnerability was found in SiempreCMS up to 1.3.6. It has been classified as critical. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection.

This vulnerability appears as CVE-2025-10115. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2025-10115 | SiempreCMS up to 1.3.6 user_search_ajax.php name/userName sql injection

Post correlati

CVE-2023-38321 | Sierra Wireless ALEOS prior 4.17.0.12 OpenNDS /opennds_auth/ null pointer dereference

CVE-2024-22818 | FlyCMS 1.0 filterKeyword_save cross-site request forgery

CVE-2024-2997 | Bdtask Multi-Store Inventory Management System up to 20240320 Category Name/Model Name/Brand Name/Unit Name cross site scripting

CVE-2025-11137 | Gstarsoft GstarCAD up to 9.4.0 File Renaming cross site scripting