SQL Injection in Domainspro
CVE-2025-40628
SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.
Vulnerability class: SQL Injection
EPSS: 0.003 (20.7th percentile) — read the EPSS interpretation.
Affected products
- Domainspro — versions 1.2