Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5.

Severity (CVSS)

Base score7.6
SeverityHigh
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Provided byCNA

Weaknesses

  • CWE-89 — CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

VendorProductVersions
FunnelKitFunnel Builder by FunnelKitn/a to <=3.15.0.5

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 24 Jun 2026 09:35 UTC.