CVE-2025-67889 | pkp pkp-lib up to 3.4.0-9/3.5.0-1 Collector.php getQueryBuilder searchPhrase sql injection


A vulnerability was found in pkp pkp-lib up to 3.4.0-9/3.5.0-1. It has been classified as critical. The affected element is the function Collector::getQueryBuilder in the file /classes/institution/Collector.php. Manipulating the argument searchPhrase results in SQL injection.

This vulnerability was named CVE-2025-67889. The attack may be initiated remotely. In addition, an exploit is available.

Upgrading the affected component is recommended.