CVE-2025-9399
BaseFortify
Publication date: 2025-08-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wanglongcn | yifang | to 2.0.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9399 is a SQL injection vulnerability in YiFang CMS up to version 2.0.5. It occurs because the application does not properly filter or sanitize user input in the 'new_url' argument within the file app/logic/L_tool.php. This allows attackers to inject malicious SQL commands remotely, potentially manipulating the database by unauthorized means. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to remotely execute SQL injection attacks, which may lead to unauthorized access, modification, or deletion of data in the database. It affects the confidentiality, integrity, and availability of the affected system, potentially compromising sensitive information and disrupting normal operations. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for requests targeting the file app/logic/L_tool.php with the new_url parameter. Attackers may use Google dorking with queries like 'inurl:app/logic/L_tool.php' to find vulnerable instances. On your system or network, you can monitor HTTP requests for suspicious or unexpected input in the new_url parameter. For example, you can use tools like grep or network monitoring to find such requests. A sample command to search web server logs for the vulnerable endpoint could be: grep 'app/logic/L_tool.php' /var/log/apache2/access.log. Additionally, monitoring for SQL injection patterns in the new_url parameter may help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected component (YiFang CMS up to version 2.0.5) with an alternative product, as no known mitigations or patches have been published. Additionally, restricting access to the vulnerable endpoint app/logic/L_tool.php, implementing web application firewall (WAF) rules to block malicious SQL injection attempts targeting the new_url parameter, and monitoring for exploitation attempts are recommended. Since the vendor did not respond and no patches are available, these defensive measures are critical to reduce risk. [2]