CVE-2025-41029
CriticalSummary
CVE-2025-41029 describes an SQL injection vulnerability in Zeon Academy Pro that allows an attacker to manipulate the database by sending a POST request with the 'phonenumber' parameter in '/private/continue-upload.php'.
Risk Assessment
This vulnerability can lead to unauthorized access, modification, and deletion of data, posing a significant threat to the integrity and confidentiality of information within the organization.
Recommendation
It is recommended to immediately patch the vulnerability by updating the software to the latest version and implementing appropriate security measures against SQL injection attacks.
Original NVD description (English source)
SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'.

