CVE-2025-6830 CRITICAL

CVE-2025-6830: SQLi in Xpoda Türkiye Information Technology's Password Module

Vendor Xpoda Türkiye Information Technology Inc.

Product Password Module

Weakness CWE-89 · SQLi

Published February 9, 2026

Last update June 5, 2026

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Password Module allows SQL Injection. This issue affects Password Module: through 11022026.

Key dates

02Disclosure timeline

February 9, 2026 CVE published

June 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-6830

Related vulnerabilities

04Related CVE

CVE-2023-37924 Apache Submarine: SQL injection from unauthorized login CVE-2023-7176 Campcodes Online College Library System HTTP POST Request return_add.php sql injection CVE-2025-2683 PHPGurukul Bank Locker Management System profile.php sql injection CVE-2025-8703 Wanzhou WOES Intelligent Optimization Energy Saving System Environmental Real-Time Data Module GetAreaTrendChartData sql injection CVE-2026-3148 SourceCodester Simple and Nice Shopping Cart Script signup.php sql injection

Identifiers

CVE CVE-2025-6830

CWE CWE-89

CVSS 9.8 / CRITICAL

Affected versions

Vendor Xpoda Türkiye Information Technology Inc.

Product Password Module

Affected ≤ 11022026