Title: Unauthenticated Time-Based SQL Injection Vulnerability in Beakon versions prior to 5.4.3

Description: An unauthenticated time-based SQL injection vulnerability exists in the SCORM module of the Beakon application's Learning Management System (LMS). By sending specially crafted requests to json_scorm.php with the injectable ks parameter, unauthenticated remote attackers can execute arbitrary SQL commands. This issue affects Beakon application versions before 5.4.3.

Source URL: https://packetstorm.news/user/g30ff1rl/
Source Name: Geoff Zhang
CVE: CVE-2025-46101 (Reserved for now)
Affected Software: Beakon Software
Affected Versions: versions prior to 5.4.3
Software URL: https://beakon.com.au/, https://beakon.io/

Proof of Concept/Content:

A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the json_scorm.php endpoint:

https://example-base-url/json_scorm.php?s=dummy&m=putSCORM&u=dummy&c=dummy&preview=0&v=SCORM_12&id=dummy&ks={vulnerable}&vt=undefined

By injecting SQL syntax designed to cause conditional time delays (e.g., using SLEEP, WAITFOR DELAY, pg_sleep) into the ks parameter, the attacker can execute arbitrary SQL commands.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
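A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web access-log lines for json_scorm.php requests whose ks parameter, after URL-decoding, contains one of the delay functions the advisory names. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Delay primitives named in the advisory: SLEEP, WAITFOR DELAY, pg_sleep.
DELAY_RE = re.compile(r"\bsleep\s*\(|\bwaitfor\s+delay\b|\bpg_sleep\s*\(", re.I)
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo nested URL-encoding so double-encoded values are still inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_ks(log_line):
    """Return the decoded ks value if it contains a time-delay call, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/json_scorm.php"):
        return None
    # parse_qs decodes once; decode_fully handles any further encoding layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get("ks", []):
        value = decode_fully(raw)
        if DELAY_RE.search(value):
            return value
    return None

def flag_lines(log_lines):
    """Indexes of the log lines that should be reviewed."""
    return [i for i, line in enumerate(log_lines) if suspicious_ks(line)]

# Constructed sample log lines (documentation IP range, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /json_scorm.php?m=putSCORM&ks=abc123&vt=undefined HTTP/1.1" 200 51',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /json_scorm.php?m=putSCORM&ks=1%20OR%20SLEEP(5)&vt=undefined HTTP/1.1" 200 51',
    '203.0.113.9 - - [01/Jan/2025:10:00:12 +0000] "GET /json_scorm.php?m=putSCORM&ks=x%2520WAITFOR%2520DELAY%2520%25270:0:5%2527&vt=undefined HTTP/1.1" 200 51',
    '203.0.113.9 - - [01/Jan/2025:10:00:20 +0000] "GET /index.php?ks=sleep(1) HTTP/1.1" 200 51',
]

if __name__ == "__main__":
    for i in flag_lines(SAMPLE_LOG):
        print(f"line {i}: ks={suspicious_ks(SAMPLE_LOG[i])!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers requests that carry ks in the query string.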