SQL Injection Vulnerability in Innovación y Cualificación Local Administration Plugin

CVE-2025-2199

What is CVE-2025-2199?

An SQL injection vulnerability exists in the Innovación y Cualificación local administration plugin's ajax.php file. This flaw enables attackers to execute unauthorized SQL queries, potentially allowing them to access, modify, or delete sensitive database information through specific functions. Attackers can exploit this vulnerability via the 'searchActionsToUpdate', 'searchSpecialitiesPending', 'searchSpecialitiesLinked', 'searchUsersToUpdateProfile', 'training_action_data', 'showContinuingTrainingCourses', and 'showUsersToEdit' endpoints, leading to significant data breaches and unauthorized alterations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References