CVE-2025-66944
CRITICAL WAF: High
CVSS 9.8
Published: 2026-03-04
CWE-89
SQL injection vulnerability in vran-dev databasir 1.0.7 and earlier allows a remote attacker to execute arbitrary code via the query parameter of the search API endpoint.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| databasir | databasir | up to 1.0.7 |
References
- github.com (Exploit, Issue Tracking)
- zeroday.endlessparadox.com (Exploit, Third Party Advisory)