VYPR
Critical severity9.8NVD Advisory· Published Apr 29, 2025· Updated Jun 17, 2026

CVE-2025-40617

CVE-2025-40617

Description

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Bookgy/Bookgyllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: all versions

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.