CVE-2025-46109
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-06-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pbootcms | pbootcms | From 3.2.5 (inc) to 3.2.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-46109 is a vulnerability in pbootCMS versions 3.2.5 and 3.2.10 that allows a remote attacker to perform SQL Injection via the 'tag' parameter in a GET request. The vulnerability arises because user input is improperly sanitized and directly used in SQL queries, enabling attackers to inject malicious SQL code. This injection can extract sensitive information such as user passwords from the database. Additionally, the vulnerability chain includes Cross-Site Scripting (XSS) attacks using SQLite-specific functions to bypass sanitization, and Remote Code Execution (RCE) by injecting malicious code into cached content that is later decoded and executed by the server. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized disclosure of sensitive data like user passwords, enabling attackers to steal confidential information. It also allows persistent Cross-Site Scripting (XSS) attacks that can compromise users' browsers and sessions. Most critically, it can lead to full Remote Code Execution (RCE) on the server hosting pbootCMS, allowing attackers to execute arbitrary code, potentially taking full control of the affected system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted GET requests targeting the 'tag' parameter to check for SQL Injection. For example, you can use curl to send a request with a payload that attempts to inject a UNION SELECT statement to extract data, such as: curl -G 'http://targetsite/index.php' --data-urlencode "tag=1=2)UNION SELECT 1,2,3,4,5,(select password from ay_user limit 0,1),7--" If the response contains sensitive data like user passwords or unusual output, it indicates the presence of the vulnerability. Additionally, monitoring web server logs for suspicious GET requests with unusual SQL syntax in the 'tag' parameter can help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Restrict access to the vulnerable endpoints, especially the ones processing the 'tag' parameter. 2. Implement web application firewall (WAF) rules to block requests containing suspicious SQL injection patterns targeting the 'tag' parameter. 3. Avoid using vulnerable versions (3.2.5 and 3.2.10) of pbootCMS; upgrade to a fixed version if available (versions above 3.2.12 are implied to be fixed). 4. Review and sanitize all user inputs more strictly, especially those used in SQL queries, and avoid dynamic SQL concatenation. 5. Monitor logs for exploitation attempts and consider temporarily disabling features that process the 'tag' parameter until a patch is applied. [1, 2]