CVE Daily

CVE-2025-49267

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti...

High CVSS 8.5

Overview

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.3.

CWE: CWE-89 Published: 2025-08-14T11:15:39.817
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.5 (HIGH)
  • Detected tags: blind_sql, sql (tag impact: MODERATE)

Recommended actions:

  • Use parameterized queries and sensible timeouts; minimize error details.
  • Use parameterized queries/ORM (avoid string concatenation).
  • Add WAF rules and input validation.

Recommended tools

Tags