CVE-2025-67889 | pkp pkp-lib up to 3.4.0-9/3.5.0-1 Collector.php getQueryBuilder searchPhrase sql injection

Inserito da Angelo Barbosa | Dic 28, 2025 | CVE

A vulnerability was found in pkp pkp-lib up to 3.4.0-9/3.5.0-1. It has been classified as critical. The affected element is the function Collector::getQueryBuilder of the file /classes/institution/Collector.php. Performing manipulation of the argument searchPhrase results in sql injection.

This vulnerability was named CVE-2025-67889. The attack may be initiated remotely. In addition, an exploit is available.

Upgrading the affected component is recommended.

CVE-2025-67889 | pkp pkp-lib up to 3.4.0-9/3.5.0-1 Collector.php getQueryBuilder searchPhrase sql injection

Post correlati

CVE-2024-8735 | MailMunch Plugin up to 3.1.8 on WordPress add_query_arg cross site scripting

CVE-2024-41042 | Linux Kernel up to 6.9.9 netfilter nf_tables_check_loops stack-based overflow (9df785aeb7dc/cff3bd012a95)

CVE-2025-48286 | catkin ReDi Restaurant Reservation Plugin up to 24.1209 on WordPress cross site scripting

CVE-2025-48993 | Intermesh groupoffice up to 6.8.122/25.0.26 cross site scripting