Unauthenticated SQL Injection in Log2Space Subscriber Management Software
CVE-2025-56450

Currently unrated

Key Information:

Vendor: Log2Space
Status: Subscriber Management Software
Vendor: CVE Published:; 21 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-56450?

The Log2Space Subscriber Management Software version 1.1 is vulnerable to an unauthenticated SQL injection attack through the lead_id parameter in the /l2s/api/selfcareLeadHistory endpoint. By crafting a malicious POST request, an attacker can execute arbitrary SQL queries, exploiting the backend's failure to properly sanitize user input. This vulnerability may allow attackers to enumerate database schemas and table names, potentially leading to full database access and compromise.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-56450
Created by apboss123

References

https://reference1.example.com/selfcare/login

https://github.com/apboss123/CVE-2025-56450/blob/main/REA...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
🟡
Public PoC available
Oct 17, 2025
👾
Exploit known to exist
Oct 17, 2025
Vulnerability Reserved
Aug 17, 2025

JSON