πŸ” CVE Alert

CVE-2025-40639

UNKNOWN 0.0

SQL injection in Eventobot

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'.

CWE CWE-89
Vendor eventobot
Product eventobot
Published Mar 9, 2026
Last Updated Mar 9, 2026
Stay Ahead of the Next One

Get instant alerts for eventobot eventobot

Be the first to know when new unknown vulnerabilities affecting eventobot eventobot are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

EVENTOBOT / Eventobot
all versions

References

NVD β†— CVE.org β†— EPSS Data β†—
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-eventobot

Credits

Gonzalo Aguilar GarcΓ­a (6h4ack)