Unrated severityNVD Advisory· Published Apr 18, 2025· Updated Apr 18, 2025
NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages
CVE-2025-32389
Description
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure ?param[0]=a¶m[1]=b¶m[2]=c utilized by PHP, which is parsed by PHP as $_GET['param'] being of type array. This issue has been patched in version 2.1.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.1.4+ 1 more
- (no CPE)range: <2.1.4
- (no CPE)range: < 2.1.4
Patches
Vulnerability mechanics
References
3- github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566fmitrex_refsource_MISC
- github.com/NamelessMC/Nameless/releases/tag/v2.1.4mitrex_refsource_MISC
- github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2xmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.