Vulnerability Details CVE-2025-55476
FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.2%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2025-55476
-
cpe:2.3:a:shaneisrael:fireshare:1.2.25