Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-44830

EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.

Published

2025-05-12T16:15:25.187

Last Modified

2025-06-13T13:49:14.850

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	engineercms_project	engineercms	≤ 2.0.5	Yes

References

https://gist.github.com/LTLTLXEY/e00ec21b730742ef432a7a560cd9b70a Third Party Advisory ([email protected])
https://github.com/3xxx/engineercms/issues/90 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://github.com/3xxx/engineercms/issues/90 Exploit, Issue Tracking, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)