Description
A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injection. This issue was fixed in versions above 8.0.
References (1)
Core 1
Core References
Various Sources
https://cert.pl/posts/2026/03/CVE-2025-12462/
Scores
CVSS v4
9.3
EPSS
0.0045
EPSS Percentile
35.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
Studio Fabryka/DobryCMS
< 8.0
Published
Mar 02, 2026
Tracked Since
Mar 02, 2026