CVE-2025-40617 Information

Description

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve create update and delete databases by sending an HTTP request through the \IDTIPO\ \IDPISTA\ and \IDSOCIO\ parameters in /bkg_seleccionar_hora_ajax.php.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy