CVE-2025-48299

Publication date

2025-07-16 10:36:53

Family

Patchstack

State

PUBLISHED

Description

Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in YayCommerce YayExtra yayextra allows SQL Injection.This issue affects YayExtra: from n/a through <= 1.5.5.