CVE-2025-11024
Published 2026-05-14
CVE-2025-11024: Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce…
Priority P2 62 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% (27.7th percentile)
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection.
This issue affects E-Commerce Website: before 4.5.001.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| akilli_commerce_software_technologies_ltd_co | e-commerce_website | < 4.5.001 | 4.5.001 |
VulDB
Akilli E-Commerce Website up to 4.5.0 sql injection
vuldb·2026-05-14·CVSS 9.8
CVE-2025-11024 [CRITICAL] Akilli E-Commerce Website up to 4.5.0 sql injection
A vulnerability labeled as critical has been found in Akilli E-Commerce Website up to 4.5.0. This impacts an unknown function. Executing a manipulation can lead to sql injection.
This vulnerability is handled as CVE-2025-11024. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
GHSA
GHSA-6g4r-8638-677q: Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd
ghsa_unreviewed·2026-05-14
CVE-2025-11024 [CRITICAL] CWE-89 GHSA-6g4r-8638-677q: Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection.
This issue affects E-Commerce Website: before 4.5.001.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-14