CVE-2025-49897

High CVSS 8.5

Overview

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. This issue affects Vertical scroll slideshow gallery v2: from n/a through 9.1.

CWE: CWE-89 Published: 2025-08-15T16:15:29.770

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.5 (HIGH)
Detected tags: blind_sql, sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries and sensible timeouts; minimize error details.
Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags