CVE Catalog

CVE-2025-41029

Critical
Published: Translated: NVD NIST

Summary

CVE-2025-41029 describes an SQL injection vulnerability in Zeon Academy Pro that allows an attacker to manipulate the database by sending a POST request with the 'phonenumber' parameter in '/private/continue-upload.php'.

Risk Assessment

This vulnerability can lead to unauthorized access, modification, and deletion of data, posing a significant threat to the integrity and confidentiality of information within the organization.

Recommendation

It is recommended to immediately patch the vulnerability by updating the software to the latest version and implementing appropriate security measures against SQL injection attacks.

Original NVD description (English source)

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS