{"uuid": "ab23c2b2-cfb8-4949-acaa-fe792215f2cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40617", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13877", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40617\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the \"IDTIPO\", \"IDPISTA\" and \"IDSOCIO\" parameters in /bkg_seleccionar_hora_ajax.php.\n\ud83d\udccf Published: 2025-04-29T15:42:32.647Z\n\ud83d\udccf Modified: 2025-04-29T16:17:03.869Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy", "creation_timestamp": "2025-04-29T17:12:12.000000Z"}