SQL Injection in Opensolution Quickcms
CVE-2025-12465
A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vu…
Vulnerability class: SQL Injection
EPSS: 0.000 (9.8th percentile) — read the EPSS interpretation.
Affected products
- Opensolution Quickcms — versions 6.8
Weakness classification (CWE)
References
- cert.pl/posts/2025/12/CVE-2025-12465/ (third-party-advisory)