Description

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing on integer parameter.

Related CPE's

a

itflow

itflow

Vulnerable

References

https://github.com/itflow-org/itflow

Product

https://www.helx.io/blog/advisory-itflow/

Third Party Advisory

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.9 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-15T15:15:50.740Z

1 month ago

Last modified

2026-01-23T18:35:09.720Z

3 weeks ago