CVE-2025-12914 | aaPanel BaoTa up to 11.1.0 Backend database?action=GetDatabaseAccess Name sql injection

Inserito da Angelo Barbosa | Nov 8, 2025 | CVE

A vulnerability classified as critical has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection.

This vulnerability is documented as CVE-2025-12914. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-12914 | aaPanel BaoTa up to 11.1.0 Backend database?action=GetDatabaseAccess Name sql injection

Post correlati

CVE-2024-24764 | October CMS up to 3.5.14 october Schema redirect (GHSA-v2vf-jv88-3fp5)

CVE-2025-8747 | Google Keras up to 3.10.0 Model.load_model deserialization

CVE-2024-56220 | SSL Wireless SMS Notification Plugin up to 3.5.0 on WordPress privileges assignment

CVE-2024-23836 | Suricata up to 6.0.15/7.0.2 allocation of resources