FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-89 | |
Metrics |
cvssV3_1
|
Tue, 02 Sep 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-02T19:48:50.800Z
Reserved: 2025-08-13T00:00:00.000Z
Link: CVE-2025-55476

Updated: 2025-09-02T19:48:28.532Z

Status : Received
Published: 2025-09-02T18:15:35.783
Modified: 2025-09-02T20:15:35.903
Link: CVE-2025-55476

No data.

No data.