CVE-2025-6008
BaseFortify
Publication date: 2025-06-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kicode111 | like-girl | 5.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6008 is a SQL injection vulnerability in the like-girl version 5.2.0 application, specifically in the /admin/ImgAddPost.php file. The vulnerability occurs because the input parameters imgDatd, imgText, and imgUrl are not properly sanitized or parameterized before being used in SQL queries. This allows an attacker to inject malicious SQL code remotely, potentially compromising the database. Exploitation requires authentication but can be done remotely, and proof-of-concept exploits are publicly available. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary SQL commands on the affected database, potentially leading to unauthorized access, data leakage, data modification, or deletion. It impacts the confidentiality, integrity, and availability of the system. Since the attack can be launched remotely after authentication, it poses a significant risk to the security of the application and its data. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the /admin/ImgAddPost.php endpoint with parameters such as imgDatd, imgText, and imgUrl to test for SQL injection. A practical approach is to use the sqlmap tool with a crafted request file (e.g., test.txt) containing the POST data, setting the level to 5 and risk to 3, specifying the database as MySQL, and using a random user-agent to evade detection. For example, a test POST parameter could be imgDatd=1*. Additionally, vulnerable targets can be identified using Google dorking with the query inurl:admin/ImgAddPost.php. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been published for this vulnerability, and the vendor did not respond to early disclosure attempts. Immediate steps include restricting access to the /admin/ImgAddPost.php endpoint, monitoring for suspicious activity, and considering replacing the affected product with an alternative solution to avoid exploitation. [3]