CVE-2025-41029 — Joshua Nichols

Description

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-zeon-academy-pro-zeon-global-tech

Published: Apr 21, 2026 16:16 UTC Modified: Apr 21, 2026 16:20 UTC