CVE-2025-26348 | Nozomi Q-Free MaxTime up to 2.11.0 model.lua editUserMenu sql injection

CVE-2025-26348 | Nozomi Q-Free MaxTime up to 2.11.0 model.lua editUserMenu sql injection

A vulnerability has been found in Nozomi Q-Free MaxTime up to 2.11.0 and classified as critical. This vulnerability affects the function editUserMenu of the file maxprofile/menu/model.lua. The manipulation leads to sql injection. This vulnerability was named CVE-2025-26348. The attack can be initiated remotely. There is no exploit available.