CVE-2025-12462

UNKNOWN 0.0

Blind SQL Injection in DobryCMS

CVSS Score

0.0

EPSS Score

0.2%

EPSS Percentile

37th

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injection. This issue was fixed in versions above 8.0.

CWE	CWE-89
Vendor	studio fabryka
Product	dobrycms
Published	Mar 2, 2026
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for studio fabryka dobrycms

Be the first to know when new unknown vulnerabilities affecting studio fabryka dobrycms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Studio Fabryka / DobryCMS

0 < 8.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/posts/2026/03/CVE-2025-12462/

Credits

Jarosław Wieczorek Paweł Berus Kacper Gendosz Karolina Buchnat