SQL Injection in Domainspro

CVE-2025-40628

SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.

Vulnerability class: SQL Injection

EPSS: 0.003 (20.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References