CVE-2025-12248
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cltph | cltph | 3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12248 is a Boolean-Based Blind SQL Injection vulnerability in CLTPHP version 3.0, specifically in the /home/search.html file. It occurs due to insufficient validation and sanitization of the user-controlled "keyword" parameter, allowing attackers to inject SQL code. This type of SQL injection exploits differences in application responses to infer database information without explicit error messages. Attackers can extract sensitive data, manipulate or delete database contents, bypass authentication, and disrupt service continuity. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized extraction of sensitive database information such as database names, table and column structures, and user credentials (including hashed passwords). Attackers can manipulate or delete data, alter user permissions, erase critical business records, bypass authentication to gain unauthorized access, and disrupt service continuity by corrupting data or enabling further attacks like lateral movement within internal networks. Exploitation requires no authentication and can be performed remotely. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or crafted HTTP GET requests targeting the /home/search.html endpoint with manipulated 'keyword' parameters that include SQL injection payloads. Detection involves observing differences in application responses to Boolean-based SQL injection attempts. Commands to detect this may include using curl or wget to send crafted requests and analyze responses, for example: curl -i 'http://target/home/search.html?keyword=1' curl -i 'http://target/home/search.html?keyword=1' OR 1=1 -- Additionally, network intrusion detection systems (NIDS) can be configured to look for SQL injection patterns in HTTP traffic. Monitoring logs for repeated failed login attempts or unusual database query patterns may also help detect exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Implement parameterized queries (prepared statements) to replace vulnerable string-concatenated SQL queries, ensuring user inputs are treated as data and not executable code. 2. Apply strict server-side input validation and sanitization on the 'keyword' parameter, preferably using a whitelist approach allowing only safe characters. 3. Harden authentication logic by enforcing strong password policies and implementing login failure rate limiting (e.g., account lockout after multiple failed attempts). 4. Monitor and restrict access to the vulnerable endpoint and consider applying web application firewall (WAF) rules to block SQL injection attempts. 5. If possible, update or patch the CLTPHP CMS to a version where this vulnerability is fixed. These steps reduce the risk of exploitation and protect the system from unauthorized data access and manipulation. [2]