9.8
Windesk.Fm: Hacker Could Execute Unwanted Database Commands
CVE-2025-11252
Summary
The Windesk.Fm software from Signum Technology Promotion and Training Inc. does not properly neutralize special elements in SQL commands (SQL injection), which could let an attacker execute unauthorized database commands. This is a serious issue because it could allow an attacker to access or modify sensitive data. The vendor has not responded to our notification, so it's unclear if or when a fix will be available.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| signumtte | windesk.fm | <= 27022026 | – |
Original title
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affect...
Original description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: through 27022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 3.1
9.8
Vulnerability type
CWE-89
SQL Injection
- https://www.usom.gov.tr/bildirim/tr-26-0085 Third Party Advisory
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026