← Back

Rhapsode

rhapsode

Vendor: Area9lyceum • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-67811
1Area9lyceum
2Rhapsode
Rhapsode Learner
Feb 10, 2026
Jan 9, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized d...Show more
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.Show less
CVE-2025-67810
1Area9lyceum
1Rhapsode
Feb 10, 2026
Jan 9, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further version...Show more
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions.Show less