CVE - CVE-2025-32389

CVE-ID
CVE-2025-32389	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f URL:https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f MISC:https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4 URL:https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4 MISC:https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x URL:https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20250406	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250406)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)