CVE-2025-50979

High CVSS: 8.6

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads.

Vendor

Nodebb

Product

Nodebb

CWE

CWE-89

Yayın Tarihi

2025-08-27 18:15:45

Güncelleme

2025-09-09 18:45:06

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Nodebb HIGH Nodebb 2025

Referanslar

https://github.com/4rdr/proofs/blob/main/info/NodeBB-v4.3.0.-SQL-Injection-via-search-parameter.md

Benzer Kayıtlar

Medium

CVE-2025-29512

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and…

Medium

CVE-2025-29513

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in…

Medium

CVE-2024-57041

A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code…