CVE-2025-56450

MEDIUM

Log2Space Subscriber Management Software 1.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-56450. PoCs published by apboss123.

AI-analyzed exploit summary: This repository contains a detailed writeup describing an unauthenticated SQL Injection vulnerability in Log2Space Subscriber Management Software version 1.1. The vulnerability exists in the `/l2s/api/selfcareLeadHistory` endpoint via the `lead_id` parameter, allowing arbitrary SQL query execution.

Description

Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the `lead_id` parameter in the `/l2s/api/selfcareLeadHistory` endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. The backend fails to sanitize the user input, allowing enumeration of database schemas and table names, and potentially leading to full database compromise.

Exploits (1)

nomisec WRITEUP
by apboss123 · poc
https://github.com/apboss123/CVE-2025-56450

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Log2Space Subscriber Management Software (Version 1.1)
Authentication: No auth needed
Prerequisites: Network access to the target system · Vulnerable version of Log2Space Subscriber Management Software
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.5
EPSS 0.0031
EPSS Percentile 22.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Published Oct 21, 2025
Tracked Since Feb 18, 2026