SQL Injection in Namelessmc Nameless

CVE-2025-32389

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET param…

Vulnerability class: SQL Injection

EPSS: 0.003 (50.8th percentile) — read the EPSS interpretation.

Affected products

Namelessmc Nameless — versions < 2.1.4

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x (x_refsource_CONFIRM)
https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f (x_refsource_MISC)
https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4 (x_refsource_MISC)