CRITICAL
Zeon Global Tech
CVE published 2026-04-21
CVE-2025-41029
A critical SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech allows unauthenticated remote attackers to execute arbitrary SQL commands via the 'phonenumber' parameter in /private/continue-upload.php. The vulnerability permits full database manipulation including retrieval, creation, modification, and deletion of data. The CVSS 4.0 vector indicates network attack vector with low attack co [truncated]