Key Information CVE ID: CVE-2025-50979 Affected Version: NodeBB v4.3.0 Vulnerability Type: SQL Injection Affected API Endpoint: Description: The search query parameter is not properly sanitized, allowing remote attackers to inject payloads for boolean-based blind SQL injection and PostgreSQL error-based injection. Test Command: SQL Injection Details: - Parameter: #1 (URI) - Type: Boolean-based blind, PostgreSQL OR error-based - Title: AND boolean-based blind in WHERE or HAVING clause, PostgreSQL OR error-based in WHERE or HAVING clause - Example Payloads**: - -