CVE-2025-7886
BaseFortify
Publication date: 2025-07-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pmticket | project-management-software | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7886 is a critical SQL injection vulnerability in the pmTicket Project-Management-Software. It affects the getUserLanguage function in the classes/class.database.php file, where the user_id argument is improperly handled without sufficient input validation or typecasting. This allows a remote attacker to inject arbitrary SQL commands via the user_id parameter without authentication, potentially extracting sensitive information such as admin usernames and password hashes. [2, 3]
How can this vulnerability impact me? :
This vulnerability can severely impact you by allowing remote attackers to execute unauthorized SQL commands on your pmTicket system without authentication. This can lead to disclosure of sensitive data, including administrator credentials, compromise of data integrity, and potential disruption of system availability. The attack is easy to perform and publicly known, increasing the risk of exploitation. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Vulnerable targets can be identified using Google dorking techniques such as searching for inurl:classes/class.database.php. Additionally, monitoring for unusual SQL queries or suspicious remote requests targeting the getUserLanguage function with manipulated user_id parameters may help detect exploitation attempts. Specific commands are not provided in the resources. [3]
What immediate steps should I take to mitigate this vulnerability?
No mitigation or countermeasures have been disclosed by the vendor, and no patches are available due to the rolling release model. Immediate steps include restricting access to the vulnerable endpoint, implementing web application firewalls (WAF) to detect and block SQL injection attempts, and monitoring network traffic for suspicious activity. Applying input validation and sanitization on the user_id parameter in custom deployments may help mitigate the risk until an official fix is released. [3]