DobryCMS: Malicious Code Can Be Injected via URL

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.3

DobryCMS: Malicious Code Can Be Injected via URL

CVE-2025-12462

Summary

DobryCMS software has a security flaw that allows an attacker to inject malicious code into the system by manipulating the URL. This could allow an attacker to access sensitive information or take control of the website. To protect your site, update to a version of DobryCMS that is above 8.0.

Original title

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection. This issue was f...

Original description

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection.

This issue was fixed in versions above 8.0.

nvd CVSS4.0 9.3

Vulnerability type

CWE-89 SQL Injection

https://cert.pl/posts/2026/03/CVE-2025-12462/

Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026