beardenx/CVE-2025-28009

Releases0

SQL Injection in Dietiqa App v1.0.20 (CVE-2025-28009) – Unauthenticated remote data access via vulnerable parameter.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-28009 ↗	Apr 17, 2025Thursday, 17 April 2025, 18:15	9.8 CRITICAL	—
A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20.