CVE-2025-31561

Published Apr 1, 2025

Last updated 3 days ago

CVSS high 8.5

Overview

Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M. Tuhin Ultimate Push Notifications allows SQL Injection. This issue affects Ultimate Push Notifications: from n/a through 1.1.8.
Source
audit@patchstack.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.5
Impact score
4.7
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Severity
HIGH

Weaknesses

audit@patchstack.com
CWE-89

Social media

Hype score
Not currently trending

  1. [CVE-2025-31561: HIGH] Critical SQL Injection vulnerability found in M. Tuhin Ultimate Push Notifications (n/a - 1.1.8). Ensure immediate patching to secure systems from potential cyber attacks. #cybersecurity#cybersecurity,#vulnerability https://t.co/ks0lxFEgiz https://t.co/9i90

    @CveFindCom

    1 Apr 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References