CVE Catalog
CVE-2025-69094
HighCVSS 8.5Summary
The Unicamp plugin version 2.2.2 and earlier contains a SQL injection vulnerability exploitable by subscribers. An attacker with subscriber privileges can inject malicious SQL queries, potentially leading to unauthorized database access.
Risk Assessment
The risk includes potential leakage of sensitive user data and modification or deletion of database records, which could compromise system integrity and data privacy.
Recommendation
It is recommended to immediately update the Unicamp plugin to the latest available version that fixes this vulnerability. Also, restrict subscriber privileges to the minimum necessary for operation.
Original NVD description (English source)
Subscriber SQL Injection in Unicamp <= 2.2.2 versions.

