Unauthenticated SQL Injection in Log2Space Subscriber Management Software
CVE-2025-56450

Currently unrated

Key Information:

Vendor

Log2Space

Status
Subscriber Management Software
Vendor
CVE Published:
21 October 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-56450?

The Log2Space Subscriber Management Software version 1.1 is vulnerable to an unauthenticated SQL injection attack through the lead_id parameter in the /l2s/api/selfcareLeadHistory endpoint. By crafting a malicious POST request, an attacker can execute arbitrary SQL queries, exploiting the backend's failure to properly sanitize user input. This vulnerability may allow attackers to enumerate database schemas and table names, potentially leading to full database access and compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-56450
Created by apboss123

References

https://reference1.example.com/selfcare/login
https://github.com/apboss123/CVE-2025-56450/blob/main/REA...

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

JSON
.