LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2025-10969

CVE-2025-10969 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 12, 2026

Farktor Software E-Commerce Services Inc. E-Commerce Package - SQL Injection

Published: February 12, 2026Updated: February 12, 2026Remote Exploitable

Overview

Farktor Software E-Commerce Services Inc. E-Commerce Package <= 27112025 contains a sql injection caused by improper neutralization of special elements in SQL commands, letting attackers perform blind SQL injection remotely, exploit requires crafted input.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 3.1%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary SQL queries, potentially leading to data disclosure or modification.

Mitigation

Update to the latest version beyond 27112025.

References

Social Media Activity(1 post)

TheHackerWire
TheHackerWire
@thehackerwire
Feb 12, 2026

šŸ”“ CVE-2025-10969 - Critical (9.8) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2025-10969/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2025-10969
Severity
Critical
CVSS Score
9.8
Type
sql_injection
Status
unconfirmed
EPSS
3.1%
Social Posts
1

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

3.1%Probability of exploitation in the next 30 days