Description

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter

INFO

Published Date :

2025-11-07T00:00:00.000Z

Last Modified :

2026-01-27T17:07:38.095Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63689 vulnerability.

Vendors Products
Money-pos
  • Money-pos
Ycf1998
  • Money-pos
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63689.

URL Resource
https://gist.github.com/LockeTom/2ed0f3751c88542f48b7c230468d2a46 cve-icon cve-icon
https://github.com/ycf1998/money-pos/commit/11f276bd20a41f089298d804e43cb1c39d041e59 cve-icon cve-icon
https://github.com/ycf1998/money-pos/issues/3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact