CVE-2025-0488

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-0488
A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/Fanli2012/native-php-cms/issues/10 Exploit Issue Tracking Vendor Advisory
https://github.com/Fanli2012/native-php-cms/issues/10 Exploit Issue Tracking Vendor Advisory
https://github.com/Fanli2012/native-php-cms/issues/10#issue-2769983658 Exploit Issue Tracking Vendor Advisory
https://github.com/Fanli2012/native-php-cms/issues/10#issue-2769983658 Exploit Issue Tracking Vendor Advisory
https://vuldb.com/?ctiid.291933 Permissions Required VDB Entry
https://vuldb.com/?id.291933 Third Party Advisory VDB Entry
https://vuldb.com/?submit.475255 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:native-php-cms_project:native-php-cms:1.0:*:*:*:*:*:*:*
History

05 May 2025, 15:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:native-php-cms_project:native-php-cms:1.0:*:*:*:*:*:*:*
First Time Native-php-cms Project
Native-php-cms Project native-php-cms
References () https://github.com/Fanli2012/native-php-cms/issues/10 - () https://github.com/Fanli2012/native-php-cms/issues/10 - Exploit, Issue Tracking, Vendor Advisory
References () https://vuldb.com/?ctiid.291933 - () https://vuldb.com/?ctiid.291933 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.291933 - () https://vuldb.com/?id.291933 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.475255 - () https://vuldb.com/?submit.475255 - Third Party Advisory, VDB Entry
References () https://github.com/Fanli2012/native-php-cms/issues/10#issue-2769983658 - () https://github.com/Fanli2012/native-php-cms/issues/10#issue-2769983658 - Exploit, Issue Tracking, Vendor Advisory

16 Jan 2025, 16:15

Type Values Removed Values Added
CWE CWE-89
CWE-74

15 Jan 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-15 21:15

Updated : 2025-05-05 15:19

NVD link : CVE-2025-0488

Mitre link : CVE-2025-0488

JSON object : View

Products Affected

native-php-cms_project

  • native-php-cms
CWE

No CWE.