Описание
Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.
Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-46011
- https://github.com/knadh/listmonk/issues/2412
- https://github.com/knadh/listmonk/commit/4b805f885b9f5a20126ec06f8b59dc448c4af33b
- https://github.com/kevinroleke/security/tree/main/CVE-2025-46011
- https://github.com/knadh/listmonk/releases/tag/v4.1.0
- https://github.com/knadh/listmonk/releases/tag/v5.0.0
Связанные уязвимости
CVSS3: 6.5
nvd
8 месяцев назад
Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.