CRITICAL SeverityCVSS 3.19.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2025-11252
Last updated Apr 16, 2026 · Published Feb 27, 2026
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published.
Affected products
1 listed- Signum Technology Promotion and Training Inc.:windesk.fm
Mappings
CWE
CWE-89
CAPEC
CAPEC-66
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms