CVE-2025-62606
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mylittleforum | mylittleforum | 2.5.12 |
| mysql | mysql | 5.7.7 |
| mariadb | mariadb | 10.2.2 |
| php | php | 7.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-62606 is an authenticated SQL injection vulnerability in the My-Little-Forum application prior to version 2.5.12. It occurs in the bookmark reordering feature where the application improperly handles user input when updating the order of bookmarks. Specifically, the application attempts to sanitize bookmark IDs but then concatenates them directly into an SQL query without proper quoting, allowing a logged-in user to inject arbitrary SQL commands. This can lead to executing malicious SQL code on the database. [1, 2]
How can this vulnerability impact me?
This vulnerability allows any authenticated user to execute arbitrary SQL commands on the forum's database. The impact includes full compromise of the database, enabling attackers to read sensitive data such as user credentials, private messages, and forum content, as well as modify or delete all data. It can also lead to complete destruction of forum data, severely affecting the availability and integrity of the application. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing the behavior of the bookmark reordering feature when an authenticated user sends a specially crafted POST request to the forum's index.php endpoint with the 'bookmarks' parameter containing SQL injection payloads. For example, sending a payload like '1) AND (SELECT SLEEP(5))-- -' in the 'bookmarks' parameter can cause a noticeable delay in the server response, indicating a time-based blind SQL injection. Detection can be performed by capturing and analyzing HTTP POST requests to the 'index.php' endpoint with suspicious 'bookmarks' parameter values. Additionally, tools like sqlmap can be used to automate detection and exploitation attempts. A sample curl command to test the vulnerability might be:

```bash
curl -X POST -b "session_cookie=your_session_cookie" -d "bookmarks=1) AND (SELECT SLEEP(5))-- -" https://yourforum.example.com/index.php
```

Monitoring for unexpected delays or errors in response to such requests can help identify the vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade MyLittleForum to version 2.5.12 or later, where the vulnerability has been patched by enforcing strict input sanitization on the bookmark order inputs using PHP's intval function. This prevents malicious SQL code injection by converting inputs to natural numbers. After upgrading, the forum will enter maintenance mode and must be manually re-enabled via the settings page. Additionally, ensure that the PHP version is at least 7.3 and the MySQL server version is at least 5.7.7 or MariaDB 10.2.2 as required by the update. Until the upgrade is applied, restrict authenticated user access to the bookmark reordering feature if possible, and monitor for suspicious activity related to bookmark reordering requests. [1]
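The following Python example is added here and is not code from My-Little-Forum or from BaseFortify. It models the two defender-side pieces described in the detection and mitigation answers above: strict integer coercion of every id in the 'bookmarks' parameter before it reaches SQL (the shape of the intval fix), applied through a parameterized UPDATE, and a scanner that flags captured POSTs to index.php whose 'bookmarks' value is not a plain list of integers. The table and column names (bookmarks, id, user_id, sort_order), the captured request records, and the SQLite backend are assumptions made for the example, not the forum's real schema or storage.

```python
# Added example for CVE-2025-62606-style input handling; not the forum's code.
# Assumed schema: bookmarks(id, user_id, sort_order). SQLite stands in for MySQL.
import re
import sqlite3
from urllib.parse import parse_qs

# An id is acceptable only if it is an integer literal, nothing else.
INT_RE = re.compile(r"-?\d+")


def parse_bookmark_ids(raw):
    """Return the ids in a comma-separated 'bookmarks' value as Python ints.

    Every element must match INT_RE; quotes, parentheses or SQL keywords make
    the whole request fail instead of being concatenated into a statement.
    """
    ids = []
    for part in raw.split(","):
        part = part.strip()
        if not INT_RE.fullmatch(part):
            raise ValueError("rejected bookmark id: %r" % part)
        ids.append(int(part))
    return ids


def reorder_bookmarks(conn, user_id, raw):
    """Apply the submitted order for one user using bound parameters only.

    Returns the user's bookmark ids in their new order.
    """
    ids = parse_bookmark_ids(raw)  # validation happens before any SQL
    with conn:
        for position, bookmark_id in enumerate(ids):
            conn.execute(
                "UPDATE bookmarks SET sort_order = ? WHERE id = ? AND user_id = ?",
                (position, bookmark_id, user_id),
            )
    rows = conn.execute(
        "SELECT id FROM bookmarks WHERE user_id = ? ORDER BY sort_order",
        (user_id,),
    ).fetchall()
    return [row[0] for row in rows]


def demo_db():
    """In-memory table with constructed rows: user 7 owns ids 1-3, user 8 owns 4."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE bookmarks (id INTEGER PRIMARY KEY, user_id INTEGER, sort_order INTEGER)"
    )
    conn.executemany(
        "INSERT INTO bookmarks VALUES (?, ?, ?)",
        [(1, 7, 0), (2, 7, 1), (3, 7, 2), (4, 8, 0)],
    )
    return conn


# Constructed captured POST requests (client, path, form body), as a proxy or
# WAF audit log might record them. The second body is the payload quoted on
# this page; the others are benign or hit a different parameter/path.
CAPTURED_POSTS = [
    ("10.0.0.5", "/index.php", "mode=bookmarks&bookmarks=3,1,2"),
    ("10.0.0.9", "/index.php", "mode=bookmarks&bookmarks=1) AND (SELECT SLEEP(5))-- -"),
    ("10.0.0.5", "/index.php", "mode=posting&subject=hi"),
    ("10.0.0.7", "/other.php", "bookmarks=x'"),
]


def flag_suspicious(posts, path="/index.php", param="bookmarks"):
    """Return (client, raw_value) for POSTs to `path` whose `param` fails validation."""
    flagged = []
    for client, req_path, body in posts:
        if req_path != path:
            continue
        values = parse_qs(body, keep_blank_values=True).get(param)
        if not values:
            continue
        for raw in values:
            try:
                parse_bookmark_ids(raw)
            except ValueError:
                flagged.append((client, raw))
    return flagged


if __name__ == "__main__":
    print("new order for user 7:", reorder_bookmarks(demo_db(), 7, "3,1,2"))
    for client, raw in flag_suspicious(CAPTURED_POSTS):
        print("suspicious bookmarks value from %s: %r" % (client, raw))
```

The same validation routine serves both sides: the endpoint uses it to refuse anything that is not an integer list before building a query, and the log scanner uses it to single out requests that the unpatched code would have spliced into SQL. Because the ids are bound as parameters, the query text never changes shape regardless of input.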