Area9lyceum

area9lyceum

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-67811 1Area9lyceum 2Rhapsode Rhapsode Learner Feb 10, 2026 Jan 9, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized d...Show more Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.Show less
CVE-2025-67810 1Area9lyceum 1Rhapsode Feb 10, 2026 Jan 9, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further version...Show more In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2025-67811

1Area9lyceum

2Rhapsode

Rhapsode Learner

Feb 10, 2026

Jan 9, 2026

N/A· v4

6.5 MEDIUM· v3

N/A· v2

Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized d...Show more

CVE-2025-67810