CVE-2025-52717 – LifterLMS SQL Injection

June 27, 2025

CVE ID : CVE-2025-52717

Published : June 27, 2025, 12:15 p.m. | 2 hours, 14 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in chrisbadgett LifterLMS allows SQL Injection. This issue affects LifterLMS: from n/a through 8.0.6.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52722 – JoinWebs Classiera SQL Injection

Next Article CVE-2025-52709 – Everest Forms Object Injection Vulnerability

Highlights

CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

June 24, 2025

CVE ID : CVE-2025-52888

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser (`DocumentBuilderFactory`) and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitrary files from the file system and potentially trigger server-side request forgery (SSRF). Version 2.34.1 contains a patch for the issue.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

The top 4 Bluetooth speakers I’m taking everywhere this summer (including a surprise pick)

Your Android phone is getting a big security upgrade for free – here’s what’s new

How a 5-minute circuit scan saved me hundreds (and exposed a serious wiring surprise)

Using AI saves teachers ‘six weeks per year,’ Gallup poll finds – but at what cost?

billboard.js 3.16.0 release: ✨ bar trending line & improved resizing performance!

billboard.js 3.16.0 release: ✨ bar trending line & improved resizing performance!

ISO 20022 – End of MT Coexistence for Cash Instructions Fast Approaching

Building Trust and Shaping the Future: Implementing Responsible AI – Part 2

Windows 11 KB5060826 fixes slow Search, direct download links

Windows 11 KB5060826 fixes slow Search, direct download links

Rilasciata Tails 6.17: Più Privacy e Sicurezza con le Nuove Funzionalità

Rilasciata Deepin 25: La distribuzione GNU/Linux immutabile con assistente vocale e pacchetti universali

CVE-2025-52717 – LifterLMS SQL Injection

CVE-2025-49885 – HaruTheme WooCommerce Drag and Drop Multiple File Upload Unrestricted Upload of File with Dangerous Type Vulnerability

CVE-2025-49886 – WebGeniusLab Zikzag Core PHP RFI Vulnerability

Vulnerabilities in applications preloaded on Ulefone and Krüger&Matz smartphones

NVIDIA GeForce “Game Ready” graphics driver update fixes bugs from a previous release — Flickering screens patched

Lari: The AI-Powered Tie That Talks to You 24×7 – The Future of Smart Fashion Is Here

Redis returns to open source with AGPLv3 license but not everyone is happy

CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

What tech titans Linus Torvalds and Bill Gates talked about in their first meeting

CVE-2025-6008 – KiCode111 like-girl SQL Injection Vulnerability

CVE-2025-42989 – Apache HTTP Server Authentication Bypass Privilege Escalation

CVE-2025-52717 – LifterLMS SQL Injection

Related Posts