Sbitsoft Vulnerabilities
Comprehensive security vulnerability database for Sbitsoft products
2
0
1
2
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2025-40639 | 8.7 | An attacker can manipulate the 'promo_send' parameter in Eventobot's discount calculation feature to access, modify, or delete data in the database. This vulnerability can be exploited if the attacker can send requests to the affected PHP script, potentially leading to serious data breaches or loss. | sbitsofteventobot | Theoretical | 30 days agoMar 9, 2026 |
| CVE-2025-40638 | 5.1 | An attacker can trick a user into clicking a malicious link that runs harmful JavaScript in their browser, potentially stealing sensitive information like session cookies or taking actions as if they were the user. This vulnerability occurs when the attacker manipulates the 'name' parameter in the search results page of Eventobot. | sbitsofteventobot | Exploit Available | 30 days agoMar 9, 2026 |
About Sbitsoft Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Sbitsoft products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.