SQL Injection Vulnerability in Innovación y Cualificación Local Administration Plugin
CVE-2025-2199

Currently unrated

Key Information:

Vendor: Moodle
CVE Published: 17 March 2025

Summary

An SQL injection vulnerability exists in the ajax.php file of the Innovación y Cualificación local administration plugin. The flaw lets attackers execute unauthorized SQL queries, potentially allowing them to access, modify, or delete sensitive database information. It can be exploited via the 'searchActionsToUpdate', 'searchSpecialitiesPending', 'searchSpecialitiesLinked', 'searchUsersToUpdateProfile', 'training_action_data', 'showContinuingTrainingCourses', and 'showUsersToEdit' endpoints, leading to significant data breaches and unauthorized alterations.

Timeline

  • Vulnerability published
