4 matches found
CVE-2025-26348
creationtimestamp| type| source ---|---|--- 2025-02-12 14:20:51+00:00| seen| https://infosec.exchange/users/cve/statuses/113991355669364488...
CVE-2025-26348
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP reques...
CVE-2025-26348
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP reques...
CVE-2025-26348
CVE-2025-26348 affects Q-Free MaxTime (MaxTime suite). The vulnerability is an SQL Injection (CWE-89) in maxprofile/menu/model.lua at the editUserMenu endpoint, exploitable via crafted HTTP requests to execute arbitrary SQL. Affected: MaxTime versions