Key Information

Vulnerability Overview
CVE ID: CVE-2025-60514
Vulnerability Type: SQL Injection
Affected Versions: Tillywork v0.1.3 and earlier
Affected File:

Basic Information
Researcher: Kusol Watchara-Apanukorn (Research and Community Lead)
Project Link: https://github.com/tillywork/tillywork
Fix Commit: https://github.com/tillywork/tillywork/pull/288
Tested Version: v0.1.3 - Collaboration

Proof of Concept (PoC)
1. Insert Single Quote: When using the operator, inserting a single quote in the causes the server to return a 500 Internal Server Error.
2. SQL Syntax Error: SQL syntax errors can be observed in the server logs.

Root Cause Analysis
Root Cause: The server directly concatenates values in and clauses without parameterization.

Code Snippets
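The single-quote failure from the PoC and the parameterized fix for the root cause, shown as an added example that is not Tillywork's code. An in-memory SQLite database stands in for the project's database, and the `cards` table, the operator map and the function names are hypothetical.

```python
import sqlite3

# Hypothetical allowlists: identifiers and operators cannot be bound as
# parameters, so they are checked against fixed sets instead.
OPERATORS = {"eq": "=", "ne": "<>", "like": "LIKE"}
COLUMNS = {"id", "title"}

def make_db():
    """Build a constructed sample table; one title contains a single quote."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO cards (title) VALUES (?)",
                   [("Call O'Brien",), ("Write report",)])
    return db

def find_concatenated(db, column, op, value):
    """Flawed pattern from the root cause: the value is pasted into the SQL text."""
    sql = f"SELECT id, title FROM cards WHERE {column} {OPERATORS[op]} '{value}'"
    return db.execute(sql).fetchall()

def find_parameterized(db, column, op, value):
    """Corrected pattern: allowlisted column/operator, value bound as a parameter."""
    if column not in COLUMNS or op not in OPERATORS:
        raise ValueError("unsupported filter")
    sql = f"SELECT id, title FROM cards WHERE {column} {OPERATORS[op]} ?"
    return db.execute(sql, (value,)).fetchall()

def compare(value):
    """Run the same filter through both builders and return both outcomes."""
    db = make_db()
    try:
        flawed = find_concatenated(db, "title", "eq", value)
    except sqlite3.OperationalError as exc:
        # The unhandled form of this exception is what surfaces as an HTTP 500
        # with a SQL syntax error in the server log.
        flawed = f"error: {exc}"
    safe = find_parameterized(db, "title", "eq", value)
    return flawed, safe

if __name__ == "__main__":
    print(compare("Call O'Brien"))   # legitimate value containing a quote
    print(compare("Write report"))   # value without a quote
```

A regression test for the fix can reuse the first call: a filter value containing a single quote must return rows (or an empty list), never a database error.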