CVE-2025-40639
Severity: CRITICAL
WAF Coverage: High
CVSS 9.8
Published: 2026-03-09
CWE-89
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in '/assets/php/calculate_discount.php'.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sbitsoft | eventobot | - |
References
- www.incibe.es (Third Party Advisory)