CVE-2025-61540 | Ultimate PHP Board 2.2.7 lostpassword.php Username sql injection

October 16, 2025 Yanac

A vulnerability was found in Ultimate PHP Board 2.2.7. It has been declared as critical. This impacts an unknown function of the file lostpassword.php. Executing manipulation of the argument Username can lead to sql injection.

This vulnerability is registered as CVE-2025-61540. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More

CVE-2025-41254 | VMware Spring Framework up to 5.3.45/6.0.29/6.1.23/6.2.11 STOMP over WebSocket cross-site request forgery (WID-SEC-2025-2320)
CVE-2025-36002 | IBM Sterling B2B Integrator/Sterling File Gateway up to 6.2.0.5/6.2.1.0 Configuration information disclosure