CVE-2025-11911
BaseFortify
Publication date: 2025-10-17
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| streamax | streamax_crocus | 1.3.40 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SQL injection flaw in Shenzhen Ruiming Technology's Streamax Crocus version 1.3.40. It occurs in the Query function of the /DeviceFault.do?Action=Query endpoint, specifically through manipulation of the 'sortField' parameter. Due to improper input sanitization, an attacker can inject malicious SQL commands remotely without authentication, potentially compromising the system's database. [2, 3]
How can this vulnerability impact me?
The vulnerability allows remote attackers to execute arbitrary SQL commands on the affected system, which can lead to unauthorized access, modification, or deletion of sensitive data. This compromises the confidentiality, integrity, and availability of the system, potentially causing data breaches, operational disruption, and loss of trust. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the endpoint `/DeviceFault.do` with the parameter `Action=Query` and inspecting the `sortField` parameter for suspicious or crafted SQL injection payloads. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on SQL injection patterns targeting this parameter. Additionally, manual testing using tools like curl or sqlmap can help detect the vulnerability. For example, a curl command to test might be: `curl -G "http://<target>/DeviceFault.do" --data-urlencode "Action=Query" --data-urlencode "sortField=' OR '1'='1"`. Using sqlmap: `sqlmap -u "http://<target>/DeviceFault.do?Action=Query&sortField=test" --risk=3 --level=5 --dbs` to test for SQL injection on the `sortField` parameter. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /DeviceFault.do?Action=Query by implementing network-level controls such as IP whitelisting or firewall rules to limit access only to trusted users. Deploy a web application firewall (WAF) with SQL injection detection and prevention rules to block malicious payloads targeting the sortField parameter. Since no patches or vendor fixes are available, consider disabling or replacing the affected Crocus system version 1.3.40 if possible. Monitoring logs for suspicious activity and applying strict input validation or sanitization on the server side (if you have control over the application) are also recommended. [3]
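The two answers above describe a log-based detection for the `sortField` parameter and, as a mitigation, strict server-side validation of that parameter. The following Python script is an added example illustrating both; it is not code from BaseFortify, VulDB, or the Crocus product. A sort column is an SQL identifier, so the safe server-side approach is an allowlist of column names rather than escaping, and the same allowlist doubles as a detection rule: any `Action=Query` request to `/DeviceFault.do` whose `sortField` is not an allowlisted identifier is flagged. The column names and the access-log lines are constructed for the example; the real Crocus schema is not on the page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical allowlist of sortable columns (the real Crocus schema is not
# known from the advisory; replace with the application's actual column names).
ALLOWED_SORT_FIELDS = frozenset({"faultTime", "deviceId", "faultType", "status"})
ALLOWED_DIRECTIONS = frozenset({"ASC", "DESC"})


def is_safe_sort_field(value: str) -> bool:
    """Server-side check: a sort column may only be an allowlisted identifier."""
    return value in ALLOWED_SORT_FIELDS


def build_order_by(sort_field: str, direction: str = "ASC") -> str:
    """Build the ORDER BY clause from validated input only.

    ORDER BY column names cannot be bound as query parameters, so the only
    sound mitigation is to reject anything that is not an allowlisted name.
    """
    if not is_safe_sort_field(sort_field):
        raise ValueError(f"rejected sortField: {sort_field!r}")
    direction = direction.upper()
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"rejected sort direction: {direction!r}")
    # Both tokens are now known-good literals, so string assembly is safe here.
    return f"ORDER BY {sort_field} {direction}"


# Constructed access-log lines in Common Log Format (not real Crocus logs).
# Lines 2 and 3 carry URL-encoded SQL metacharacters in sortField.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Oct/2025:10:01:02 +0000] "GET /DeviceFault.do?Action=Query&sortField=faultTime HTTP/1.1" 200 512
10.0.0.9 - - [17/Oct/2025:10:01:07 +0000] "GET /DeviceFault.do?Action=Query&sortField=faultTime%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192
10.0.0.9 - - [17/Oct/2025:10:01:09 +0000] "GET /DeviceFault.do?Action=Query&sortField=deviceId%3B-- HTTP/1.1" 500 0
10.0.0.7 - - [17/Oct/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

# source, two ignored fields, [timestamp], "METHOD URL PROTOCOL", status
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)


def find_suspicious_requests(log_text: str) -> list:
    """Return requests to /DeviceFault.do?Action=Query whose sortField fails the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        if parts.path != "/DeviceFault.do":
            continue
        qs = parse_qs(parts.query)  # percent-decodes the parameter values
        if qs.get("Action", [""])[0] != "Query":
            continue
        for sort_field in qs.get("sortField", []):
            if not is_safe_sort_field(sort_field):
                hits.append({
                    "src": m.group("src"),
                    "ts": m.group("ts"),
                    "sortField": sort_field,
                    "status": m.group("status"),
                })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} status={hit['status']} sortField={hit['sortField']!r}")
    print(build_order_by("faultTime", "desc"))
```

Because the detection keys on the parameter not being a plain identifier rather than on specific payload strings, it also catches encoded or obfuscated variants that a signature for a single payload would miss. The same `is_safe_sort_field` function is what the application itself should call before the value reaches the query builder.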