Vulnerability Description
A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-12465?
CVE-2025-12465 is a documented vulnerability. A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The ...
How severe is CVE-2025-12465?
CVSS scoring is not yet available for CVE-2025-12465. Check NVD for updates.
Is there a patch for CVE-2025-12465?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.