CVE-2025-56385
WellSky Harmony 4.1.0.2.83 has a SQL injection in the login endpoint xmHarmony.asp via the TXTUSERID parameter. The vulnerability arises from insufficient sanitization of user input before it is used in a SQL query, enabling authentication bypass, data leakage, or potential full compromise of bac...