Description

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Remediation

References

CVE-2025-47172

Related Vulnerabilities

IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-4946)

Oracle Database Server CVE-2019-2517 Vulnerability (CVE-2019-2517)

Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-33158)

Jboss EAP Credentials Management Errors Vulnerability (CVE-2009-5066)

WordPress Plugin Elements kit Elementor addons (Header & Footer Builder, Mega Menu Builder, Layout Library) Multiple Cross-Site Scripting Vulnerabilities (2.1.7)

Severity

High

Classification

CVE-2025-47172 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities