CVE-2025-12462 | HackTesting

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injection. This issue was fixed in versions above 8.0.

Credits

Jarosław Wieczorek

Paweł Berus

Kacper Gendosz

Karolina Buchnat

References

https://cert.pl/posts/2026/03/CVE-2025-12462/