Security Advisory

CVE-2025-2200

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-17 10:09:49

Last updated 2025-03-18 15:48:51

Assigner INCIBE

State PUBLISHED

Description

SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php.

← Browse all CVEs View on cve.org ↗