CVE-2025-40628

Vulnerability Description

SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.

Related Weaknesses (CWE)

CWE-89

References

https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-domainspro

FAQ

What is CVE-2025-40628?

CVE-2025-40628 is a documented vulnerability. SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.

How severe is CVE-2025-40628?

CVSS scoring is not yet available for CVE-2025-40628. Check NVD for updates.

Is there a patch for CVE-2025-40628?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.