CVE-2025-0491
Published: 15 January 2025
Summary
CVE-2025-0491 is a medium-severity Injection (CWE-74) vulnerability in Fanli2012 Native-Php-Cms. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection by enforcing validation of untrusted inputs like the 'id' parameter in /fladmin/cat_dodel.php.
Requires timely identification, reporting, and correction of the specific SQL injection flaw in Fanli2012 native-php-cms 1.0.
Vulnerability scanning identifies SQL injection vulnerabilities like CVE-2025-0491, supporting flaw detection and remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public-facing CMS (/fladmin/cat_dodel.php) enables exploitation of public-facing application (T1190), abuse of server software component (T1505 per advisory), and collection of data from databases via arbitrary SQL queries (T1213.006).
NVD Description
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely.…
more
The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-0491 is a critical SQL injection vulnerability in Fanli2012 native-php-cms version 1.0. The flaw resides in an unknown function within the file /fladmin/cat_dodel.php, where manipulation of the 'id' argument enables SQL injection. Published on 2025-01-15, it is associated with CWE-74 and CWE-89.
A remote attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. The CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) indicates limited impacts on confidentiality, integrity, and availability, potentially allowing unauthorized data access, modification, or disruption via injected SQL queries.
Advisories point to GitHub issues in the Fanli2012/native-php-cms repository (e.g., #13 and #2770022466) and VulDB entries (ctiid.291936, id.291936, submit.475260). The exploit has been publicly disclosed and may be actively used.
The vulnerability's public exploit availability heightens risks for unpatched instances of this PHP CMS.
Details
- CWE(s)