CVE-2025-40728 Information

Description

SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve create update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-customer-support-system

Related CNNVD

CNNVD-202506-1867 (Published: 2025-06-16)