CVE-2025-40728 – Customer Support System SQL Injection

June 16, 2025

CVE ID : CVE-2025-40728

Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago

Description : SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40729 – Apache Customer Support System Reflected Cross-Site Scripting (XSS)

Next Article CVE-2025-40727 – Phoenix Site CMS Reflected Cross Site Scripting (XSS)

Highlights

CVE-2025-3752 – Able Player WordPress Stored Cross-Site Scripting Vulnerability

April 25, 2025

CVE ID : CVE-2025-3752

Published : April 25, 2025, 5:15 a.m. | 2 hours, 15 minutes ago

Description : The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘preload’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

DistroWatch Weekly, Issue 1126

It’s the year of Linux… at least for Denmark — here’s why the country’s government is dumping Windows and Office 365

Grounded 2’s best feature is happening because Obsidian left the Xbox One behind

6 registry tweaks every tech-savvy user must apply on Windows 11

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Microsoft has a new tool to get you off Windows 10 and onto a Windows 11 PC

Microsoft has a new tool to get you off Windows 10 and onto a Windows 11 PC

DistroWatch Weekly, Issue 1126

Find ASCII Emoji Easily with this GNOME Shell Applet

CVE-2025-40728 – Customer Support System SQL Injection

CVE-2025-6108 – Hansonwang99 Spring-Boot-In-Action Path Traversal Vulnerability

CVE-2025-6110 – Tenda FH1201 Stack-Based Buffer Overflow Vulnerability

A Step-by-Step Coding Guide to Building an Iterative AI Workflow Agent Using LangGraph and Gemini

Halwan Linux is an Arch-based distro for developers

Understanding the :root Selector and CSS Variables in CSS3

Look, no patches! Why Chainguard OS might be the most secure Linux ever

CVE-2025-3752 – Able Player WordPress Stored Cross-Site Scripting Vulnerability

Leaked KeyPlug Malware Infrastructure Contains Exploit Scripts to Hack Fortinet Firewall and VPN

CVE-2025-46355 – PC Time Tracer Elevation of Privilege Vulnerability

Microsoft Outlook gaat meer bij aanvallen gebruikte bestandstypes blokkeren

CVE-2025-40728 – Customer Support System SQL Injection

Related Posts