VYPR
Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Oct 16, 2025

SQL injection vulnerability in Sergestec's Exito

CVE-2025-41018

Description

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sergestec/Exitollm-create2 versions
    = 8.0+ 1 more
    • (no CPE)range: = 8.0
    • (no CPE)range: 8.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.