CVE-2025-63689

Published: Nov 7, 2025

Modified: Jan 27, 2026

PUBLISHED

Description

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/ycf1998/money-pos/issues/3

https://gist.github.com/LockeTom/2ed0f3751c88542f48b7c230468d2a46

https://github.com/ycf1998/money-pos/commit/11f276bd20a41f089298d804e43cb1c39d041e59

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-63689

Description

Affected Products

References