How the CVE Works
CVE-2025-28056 is a SQL injection flaw in Rebuild CMS versions v3.9.0 through v3.9.3. The vulnerability resides in the `/admin/admin-cli/exec` component, where improper input sanitization allows attackers to inject malicious SQL queries. By sending crafted requests, an attacker can manipulate database queries, leading to unauthorized data access, modification, or deletion. Because this endpoint does not use prepared statements or parameterized queries, user-supplied input becomes part of the SQL text, enabling arbitrary SQL execution in the context of the application's database user.
DailyCVE Form
Platform: Rebuild CMS
Version: v3.9.0 – v3.9.3
Vulnerability: SQL Injection
Severity: Critical
Date: 06/23/2025
Prediction: Patch expected by 07/15/2025
What Undercode Says
Analytics:
SELECT * FROM users WHERE id = '1' OR '1'='1';
curl -X POST "http://target/admin/admin-cli/exec" --data "query=malicious_payload"
Exploit:
- Craft malicious SQL payloads.
- Bypass authentication via UNION-based attacks.
- Exfiltrate database contents.
Protection from this CVE:
- Apply vendor patches.
- Use parameterized queries.
- Restrict admin CLI access.
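To make the "lack of parameterized queries" point concrete, here is an added example (not Rebuild CMS code; the table, column names and sample rows are constructed) that places a string-concatenated lookup next to its parameterized replacement and runs the advisory's own `'1'='1'` tautology through both, so a defender can see why the fix works rather than just that it is recommended:

```python
import sqlite3

# Constructed in-memory stand-in for a CMS user table (sample data, not Rebuild's schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id TEXT PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("1", "alice", 1), ("2", "bob", 0), ("3", "carol", 0)])
    return conn

def lookup_vulnerable(conn, user_id):
    """Concatenates the input into the SQL text: the pattern the advisory
    describes. Illustrative only; this is not the CMS's real code."""
    sql = "SELECT id, name FROM users WHERE id = '" + user_id + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, user_id):
    """Parameterized query: the driver binds the value separately from the
    statement, so quote characters in the input are data, never syntax."""
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()

# The advisory's own tautology. In the vulnerable path the resulting SQL is
#   SELECT id, name FROM users WHERE id = '1' OR '1'='1'
# which matches every row; in the safe path it is just a string that matches no id.
PAYLOAD = "1' OR '1'='1"

def demo():
    conn = make_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, PAYLOAD)),  # all rows leak
        "safe_rows": len(lookup_safe(conn, PAYLOAD)),              # no match
        "safe_normal": len(lookup_safe(conn, "1")),                # normal lookup still works
    }

if __name__ == "__main__":
    print(demo())
```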
Impact:
- Full database compromise.
- Unauthorized admin access.
- Data integrity loss.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode