Security Advisory

CVE-2025-41002

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-23 09:30:22

Last updated 2026-02-24 13:27:24

Assigner INCIBE

State PUBLISHED

Description

SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the code parameter in /components/cart/cartApplyDiscount.php.

← Browse all CVEs View on cve.org ↗