QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-2200

Back to search

CVE-2025-2200

Published: Mar 17, 2025

Modified: Mar 18, 2025

PUBLISHED

Description

SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php.

VendorProductVersions

Innovación y Cualificación

IcProgreso plugin

affected
all versions

Weaknesses (CWE)

CWE-89

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now