Unrated severityNVD Advisory· Published Apr 18, 2025· Updated Apr 18, 2025

NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages

CVE-2025-32389

Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure ?param[0]=a&param[1]=b&param[2]=c utilized by PHP, which is parsed by PHP as $_GET['param'] being of type array. This issue has been patched in version 2.1.4.

Affected products

Namelessmc/Namelessv5
Range: < 2.1.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566fmitrex_refsource_MISC
github.com/NamelessMC/Nameless/releases/tag/v2.1.4mitrex_refsource_MISC
github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2xmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000