- Description
- SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php.
- Source
- cve-coordination@incibe.es
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- cve-coordination@incibe.es
- CWE-89
- Hype score
- Not currently trending
🚨 CVE-2025-40617 ⚠️🔴 CRITICAL (9.3) 🏢 Bookgy - Bookgy 🏗️ all versions 🔗 https://t.co/wkQUI2eUHE #CyberCron #VulnAlert #InfoSec https://t.co/KhWZfDVQiO
@cybercronai
30 Apr 2025
[CVE-2025-40617: CRITICAL] Beware of SQL injection flaw in Bookgy! Attackers exploit "IDTIPO", "IDPISTA", "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php to access, modify, or delete databases. #cyber...#cve,CVE-2025-40617,#cybersecurity https://t.co/2HPO4FwhL3 https://t.c
@CveFindCom
29 Apr 2025