CVE-2025-11252

CRITICAL WAF: High

CVSS 9.8 Published: 2026-02-27

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

Affected Software

Vendor	Product	Version
signumtte	windesk.fm	up to 27022026

References

www.usom.gov.tr (Third Party Advisory)

Back to CVE Database