CVE-2025-59473
Unknown
Unknown - Not Provided
SQL Injection in Structure Admin Module Allows Data Manipulation
Publication date: 2026-01-26
Last updated on: 2026-02-13
Assigner: HackerOne
Description
Description
SQL Injection vulnerability in the Structure for Admin authenticated user
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| expressionengine | expressionengine | From 7.0.0 (inc) to 7.5.14 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SQL Injection issue that affects the Structure for Admin component when accessed by an authenticated user. It allows an attacker with admin privileges to inject malicious SQL code into the system.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access or manipulation of the database, potentially resulting in data disclosure (confidentiality impact), data modification (integrity impact), and disruption of service (availability impact).
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70