CVE-2025-32389 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by provid…
High CVSS: 8.6

CVE-2025-32389

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4.
Vendor
Namelessmc
Product
Nameless
CWE
CWE-89
Yayın Tarihi
2025-04-18 16:15:23
Güncelleme
2025-05-13 15:23:15
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-89 Nameless HIGH Namelessmc 2025

Referanslar

https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4 https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x