CVE-2025-40618 Information

Description

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve create update and delete databases by sending an HTTP request through the \IDRESERVA\  parameter in /bkg_imprimir_comprobante.php

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy