2ClickPortal Software Hit by SQL Injection Flaw

A critical SQL injection vulnerability has been identified in the 2ClickPortal software, according to an advisory published by CERT Poland. The flaw, tracked as CVE-2025-4568, could allow attackers to manipulate backend databases by injecting malicious SQL code through user-facing input fields. Such vulnerabilities may be exploited to access, modify, or delete sensitive data without proper authorization.

The 2ClickPortal platform, often used for content management and digital services, is now under scrutiny following the disclosure. Although the advisory does not provide technical specifics or mitigation steps, the presence of an SQL injection flaw suggests a potential risk to systems running unpatched versions of the software.

CERT Poland has made the vulnerability details available on its official website. Users and administrators of 2ClickPortal are advised to monitor official channels for security updates and apply patches as they become available. No further information on exploitation or affected versions was disclosed in the initial advisory.