What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection. This issue affects Propovoice Pro: from n/a through 1.7.0.3.
Explanation of Vulnerability in Simple Terms
02 Summary
Propovoice Pro versions up to 1.7.0.3 contain a SQL injection vulnerability in an unauthenticated network-accessible endpoint. An attacker can craft malicious input to extract sensitive data from the application's database, including user credentials and configuration details. The vulnerability requires no user interaction and can be exploited remotely without authentication.
What an attacker can do
03 Attacker Capabilities
Extract sensitive data from the database, including user credentials and site configuration.
Potential impact on your site
04 Site Impact
Attackers can read user accounts, passwords, and private data stored in the database without logging in.
Conditions required to exploit
05 Prerequisites
Network access to the Propovoice Pro application; no authentication required.
Key dates
06 Disclosure timeline
August 29, 2024: CVE published
April 28, 2026: Record updated