CVE-2025-11944

MEDIUM 4.7

givanz Vvveb Raw SQL import.php import sql injection

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 52204b4a106b2fb02d16eee06a88a1f2697f9b35. It is recommended to apply a patch to fix this issue.

CWE	CWE-89 CWE-74
Vendor	givanz
Product	vvveb
Published	Oct 19, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for givanz vvveb

Be the first to know when new medium vulnerabilities affecting givanz vvveb are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

givanz / Vvveb

1.0.7.0 1.0.7.1 1.0.7.2 1.0.7.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.329024 vuldb.com: https://vuldb.com/?ctiid.329024 vuldb.com: https://vuldb.com/?submit.673129 github.com: https://github.com/givanz/Vvveb/issues/332 github.com: https://github.com/givanz/Vvveb/issues/332#issue-3505043543 github.com: https://github.com/givanz/Vvveb/commit/52204b4a106b2fb02d16eee06a88a1f2697f9b35 github.com: https://github.com/givanz/Vvveb/

Credits

🔍 Huu1j (VulDB User)