CVE-2025-63689
published 2025-11-07CVE-2025-63689: Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote…
PriorityP262critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.77%
50.9th percentile
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ycf1998 | money-pos | < 2025-09-14 | 2025-09-14 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-11-07
Published