cbcvebase.
CVE-2025-63689
published 2025-11-07

CVE-2025-63689: Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote…

PriorityP262critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.77%
50.9th percentile
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter

Affected

1 ranges
VendorProductVersion rangeFixed in
ycf1998money-pos< 2025-09-142025-09-14
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.