CVE-2025-40639 PHP — Exploit & Vulnerability Details HIGH

CVE-2025-40639

HIGH CVSS 4.0: 8.7 EPSS 0.03%

Parameter	Value
CVSS	8.7 (HIGH)
Type	CWE-89 (SQL Injection (SQL-инъекция))
Vendor	PHP
Public PoC	No

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

Low

Нужны базовые права

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

High

Полная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v4.0

Weakness Type (CWE)

CWE-89 SQL Injection (SQL-инъекция)

References 1

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-eve…

cve-coordination@incibe.es

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3786

PHP

5.3

CVE-2026-3785

PHP

5.3

CVE-2026-3767

PHP

5.3

CVE-2026-3766

PHP

5.1

CVE-2026-3764

PHP

6.9

Menu

CVE-2025-40639

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-3786

CVE-2026-3785

CVE-2026-3767

CVE-2026-3766

CVE-2026-3764

CVE Details

Editor's Choice

Menu

CVE-2025-40639

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-3786

CVE-2026-3785

CVE-2026-3767

CVE-2026-3766

CVE-2026-3764

CVE Details

Editor's Choice

Stay informed on cybersecurity