SQLi in Ncvav’s Virtual PBX Software

July 28, 2025 invoker category_cve

CVE Details

Basic Information

Title SQLi in Ncvav’s Virtual PBX Software
Type cve
Published 2025-07-28T11:05:16.203Z
Modified 2025-07-28T11:05:16.203Z

Product Information

Vendor Ncvav
Product Virtual PBX Software
Version 0

CVSS Information

Base Score 9.8 (CRITICAL)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

  • Ncvav Virtual PBX Software 0

Additional Information

CWE List CWE-89
Source TR-CERT

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ncvav Virtual PBX Software allows SQL Injection.This issue affects Virtual PBX Software: before 09.07.2025.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.