CVE-2025-40639

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

EUVD-2025-208400

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

CVE-2025-40639 SQL injection in Eventobot

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

CVE-2025-40639

CVE-2025-40639 — Eventobot SQL injection is confirmed by connected sources. The vulnerability affects Eventobot and is exploitable via the promo_send parameter in the /assets/php/calculate_discount.php endpoint. The underlying issue allows an attacker to perform SQL operations including retrieve,...

PT-2026-24051

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo send' parameter in the '/assets/php/calculate discount.php'...

Eventobot SQL注入漏洞

Eventobot is a ticketing management system developed by Eventobot Inc. Eventobot has a SQL injection vulnerability, which stems from insufficient cleaning and escaping of the promosend parameter. This vulnerability may lead to SQL injection attacks...