Search criteria
2 vulnerabilities found for windesk.fm by Signum Technology Promotion and Training Inc.
CVE-2025-11252 (GCVE-0-2025-11252)
Vulnerability from nvd – Published: 2026-02-27 12:32 – Updated: 2026-02-27 12:32
VLAI?
Title
SQLi in Signum Technologies' windesk.fm
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Signum Technology Promotion and Training Inc. | windesk.fm |
Affected:
0 , ≤ 27022026
(custom)
|
Credits
Engin AYDOĞAN
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "windesk.fm",
"vendor": "Signum Technology Promotion and Training Inc.",
"versions": [
{
"lessThanOrEqual": "27022026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Engin AYDO\u011eAN"
}
],
"datePublic": "2026-02-27T12:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.\u003cp\u003eThis issue affects windesk.Fm: through 27022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T12:32:33.594Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0085"
}
],
"source": {
"advisory": "TR-26-0085",
"defect": [
"TR-26-0085"
],
"discovery": "UNKNOWN"
},
"title": "SQLi in Signum Technologies\u0027 windesk.fm",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-11252",
"datePublished": "2026-02-27T12:32:33.594Z",
"dateReserved": "2025-10-03T11:31:07.895Z",
"dateUpdated": "2026-02-27T12:32:33.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11252 (GCVE-0-2025-11252)
Vulnerability from cvelistv5 – Published: 2026-02-27 12:32 – Updated: 2026-02-27 12:32
VLAI?
Title
SQLi in Signum Technologies' windesk.fm
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Signum Technology Promotion and Training Inc. | windesk.fm |
Affected:
0 , ≤ 27022026
(custom)
|
Credits
Engin AYDOĞAN
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "windesk.fm",
"vendor": "Signum Technology Promotion and Training Inc.",
"versions": [
{
"lessThanOrEqual": "27022026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Engin AYDO\u011eAN"
}
],
"datePublic": "2026-02-27T12:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.\u003cp\u003eThis issue affects windesk.Fm: through 27022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T12:32:33.594Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0085"
}
],
"source": {
"advisory": "TR-26-0085",
"defect": [
"TR-26-0085"
],
"discovery": "UNKNOWN"
},
"title": "SQLi in Signum Technologies\u0027 windesk.fm",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-11252",
"datePublished": "2026-02-27T12:32:33.594Z",
"dateReserved": "2025-10-03T11:31:07.895Z",
"dateUpdated": "2026-02-27T12:32:33.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}