What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in manu225 Falling things falling-things allows SQL Injection. This issue affects Falling things: from n/a through <= 1.08.
Explanation of Vulnerability in Simple Terms
02 Summary
Falling Things versions 1.08 and earlier contain a SQL injection vulnerability accessible to high-privilege users. An attacker with administrative or elevated access can inject malicious SQL commands through unfiltered input, potentially reading sensitive database records. The vulnerability also impacts system availability. A patch version has not been publicly identified.
What an attacker can do
03 Attacker Capabilities
Read sensitive database records and degrade system availability if they have high-level site access.
Potential impact on your site
04 Site Impact
High-privilege accounts (admins) can be compromised to extract database contents or cause service disruption.
Conditions required to exploit
05 Prerequisites
Attacker must have high-privilege account access (admin or equivalent role); no user interaction required.
Key dates
06 Disclosure timeline
April 4, 2025: CVE published
April 28, 2026: Record updated