Daptin 0.10.3 Aggregate API SQL Injection Vulnerability (CVE-2025-15439)

Vulnerability Identifier - VDB-339384 - CVE-2025-15439 - GCVE-100-339384 Vulnerability Information - Name: DAPTIN 0.10.3 AGGREGATE API RESOURCE_AGGREGATE.GO GOQU.L COLUMN/GROUP/ORDER SQL INJECTION Ratings - CVSS Score: 6.0 - Current Exploit Price: $0-$5k - CTI Interest Score: 4.81 Vulnerability Details - A critical-level vulnerability has been identified in Daptin 0.10.3. The affected component is the Aggregate API, specifically the function in the file . Manipulation of the parameters leads to SQL injection. This vulnerability is cataloged under CVE-2025-15439. - The attack can be initiated remotely. Additionally, there are known exploitable instances of this vulnerability. The vendor was contacted early in the disclosure process but has not responded. Details - A vulnerability classified as critical was discovered in Daptin 0.10.3. The affected component is the function within the file in the Aggregate API. When processing unknown input parameters, this leads to an SQL injection vulnerability. CWE classifies this issue as CWE-89. The product constructs SQL commands in whole or in part using external, untrusted input from upstream components, but fails to properly neutralize or sanitize special elements that could alter the intended SQL command in downstream components. References - Recommended download:

Goal Reached Thanks to every supporter — we hit 100%!

Daptin 0.10.3 Aggregate API SQL Injection Vulnerability (CVE-2025-15439)