CVE-2025-41033

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the ‘data%5BPage%5D%5Bname%5D’ parameter in /apprain/page/manage-dynamic-pages/create.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-apprain-cmf