CVE-2026-25514

High CVSS: 8.7

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in the CodeModel::all() method where user-supplied parameters are directly concatenated into SQL queries without sanitization or parameterized binding. This issue has been patched in version 2025.81.

Vendor

Facturascripts

Product

Facturascripts

CWE

CWE-20

Yayın Tarihi

2026-02-04 20:16:08

Güncelleme

2026-02-23 15:00:00

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Facturascripts HIGH Facturascripts 2026

Referanslar

https://github.com/NeoRazorX/facturascripts/commit/5c070f82665b98efd2f914a4769c6dc9415f5b0f https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-pqqg-5f4f-8952

Benzer Kayıtlar

High

CVE-2026-25513

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScr…

Medium

CVE-2026-23476

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected X…

High

CVE-2026-23997

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cro…

Low

CVE-2025-69210

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cr…