What the vulnerability does
01Description
Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’.
CVE-2025-41006
CRITICAL
CVE-2025-41006: Multiple vulnerabilities in Imaster products Open configuration options
CVSS base score
9.3/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
January 12, 2026
CVE published
January 12, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-24442 Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection
CVE-2026-4190 JawherKl node-api-postgres user.js User.getAll sql injection
CVE-2024-35278
CVE-2024-10070 ESAFENET CDG PolicyPushControlAction.java actionPolicyPush sql injection
CVE-2026-1701 itsourcecode School Management System index.php sql injection
