Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: before v2.3.4. 
NOTE: 
The vendor patched the vulnerability after the CVE was published.
Published: 2026-02-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection in Windesk.Fm
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an Improper Neutralization of Special Elements used in an SQL Command, known as SQL injection, in Signum Technology Promotion and Training Inc.'s Windesk.Fm. The flaw allows attackers to inject arbitrary SQL statements into a query, potentially leading to unauthorized database access, disclosure of sensitive information, or modification of data. This weakness is categorized as CWE-89.

Affected Systems

Windesk.Fm versions prior to 2.3.4 are affected. The product is supplied by Signum Technology Promotion and Training Inc.

Risk and Exploitability

The CVSS score of 9.8 highlights a critical risk, while the EPSS score of less than 1% indicates a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote via the web interface where user-supplied input is incorporated into SQL queries without proper sanitization. An attacker could abuse this to read, modify, or delete data in the underlying database if the database user has sufficient privileges.

Generated by OpenCVE AI on April 20, 2026 at 15:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Windesk.Fm to version 2.3.4 or later.
  • Ensure all user-supplied input is sanitized and use parameterized queries to prevent SQL injection.
  • Monitor database logs for suspicious activity and, if necessary, restrict database privileges or isolate the database from the web-facing application.

Generated by OpenCVE AI on April 20, 2026 at 15:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: before v2.3.4.  NOTE:  The vendor patched the vulnerability after the CVE was published.

Fri, 06 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Signum Technology Promotion And Training
Signum Technology Promotion And Training windesk.fm
Vendors & Products Signum Technology Promotion And Training
Signum Technology Promotion And Training windesk.fm

Sat, 28 Feb 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Signumtte
Signumtte windesk.fm
CPEs cpe:2.3:a:signumtte:windesk.fm:*:*:*:*:*:*:*:*
Vendors & Products Signumtte
Signumtte windesk.fm

Fri, 27 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Title SQLi in Signum Technologies' windesk.fm
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Signum Technology Promotion And Training Windesk.fm
Signumtte Windesk.fm
cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-04-16T15:10:42.074Z

Reserved: 2025-10-03T11:31:07.895Z

Link: CVE-2025-11252

cve-icon Vulnrichment

Updated: 2026-03-06T15:33:41.643Z

cve-icon NVD

Status : Modified

Published: 2026-02-27T13:16:01.343

Modified: 2026-04-16T16:16:14.550

Link: CVE-2025-11252

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T15:45:10Z

Weaknesses