Vulnerability Database

319,478

Total vulnerabilities in the database

CVE-2025-56450

Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the lead_id parameter in the /l2s/api/selfcareLeadHistory endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. The backend fails to sanitize the user input, allowing enumeration of database schemas, table names, and potentially leading to full database compromise.

Published: Oct 21, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-56450
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo