Critical severity9.8NVD Advisory· Published Apr 29, 2025· Updated Jun 17, 2026
CVE-2025-40617
CVE-2025-40617
Description
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgynvdThird Party Advisory
News mentions
0No linked articles in our index yet.