Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2025-54790

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10.

Published: Aug 2, 2025
Updated: Aug 3, 2025
CVE: CVE-2025-54790
Exploit:

No technical information available.

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

https://github.com/humhub/cfiles/pull/252
https://github.com/humhub/cfiles/releases/tag/v0.16.10
https://github.com/humhub/cfiles/security/advisories/GHSA-rfvq-g9rm-pgqj

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo