Full Report
SQL Injection vulnerability (CVE-2025-12465) has been found in OpenSolution QuickCMS software.
Analysis Summary
# Vulnerability: Blind SQL Injection in OpenSolution QuickCMS
## CVE Details
- CVE ID: CVE-2025-12465
- CVSS Score: *Score not explicitly provided in the summary* (Severity: *Severity not explicitly provided*)
- CWE: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
## Affected Systems
- Products: OpenSolution QuickCMS
- Versions: 6.8 (Other versions might also be affected, but 6.8 is the only confirmed version)
- Configurations: Affects instances where input from a high-privileged user is processed by the `aFilesDelete` functionality.
## Vulnerability Description
A Blind SQL injection vulnerability exists in OpenSolution QuickCMS. This flaw arises from the improper neutralization of input provided by a high-privileged user into the `aFilesDelete` parameter/functionality, which allows an attacker to conduct Blind SQL Injection attacks against the underlying database.
## Exploitation
- Status: PoC available (existence and technique confirmed; successful injection is implied)
- Complexity: *Complexity not explicitly provided*, but achieving data exfiltration through Blind SQL Injection is typically of **Medium** complexity.
- Attack Vector: Network (Implied, as injection requires input delivery)
## Impact
- Confidentiality: High (Potential for unauthorized data extraction via blind techniques)
- Integrity: High (Potential for unauthorized modification of data)
- Availability: Medium/High (Potential for service disruption if database access or modification is leveraged)
## Remediation
### Patches
- No specific patch versions were provided by the vendor in response to coordination efforts.
### Workarounds
- Since the vulnerability is confirmed in version 6.8 and relies on input into `aFilesDelete` from high-privileged users, the immediate workaround would be restricting access to functionality requiring high-privileged input, specifically the area related to `aFilesDelete`.
## Detection
- Indicators of compromise: Unusual database query patterns, unexpected delays during file operations, or data being exfiltrated over time using blind techniques (e.g., time-based responses).
- Detection methods and tools: Web Application Firewalls (WAFs) configured to block standard SQL meta-characters (`'`, `--`, `;`, etc.) in user-supplied input fields, and running dynamic application security testing (DAST) tools against the `aFilesDelete` endpoint.
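
The metacharacter check described above, applied to the `aFilesDelete` field of a request body, as an added example that is not code from the advisory or from QuickCMS. It assumes the request body is URL-encoded form data and that the field is sent as `aFilesDelete`, `aFilesDelete[]` or `aFilesDelete[<index>]`; the optional digits-only mode further assumes legitimate values are numeric file IDs.

```python
import re
from urllib.parse import parse_qsl

PARAM = "aFilesDelete"  # parameter named in the advisory
# ', -- and ; are the metacharacters listed above; /* and # are added here
META = re.compile(r"'|--|;|/\*|#")


def inspect_body(body, numeric_only=False):
    """Return (field, value, reason) for each suspicious aFilesDelete field
    in a URL-encoded form body."""
    findings = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        # Match aFilesDelete, aFilesDelete[] and aFilesDelete[<index>]
        if key != PARAM and not key.startswith(PARAM + "["):
            continue
        # Check the array index as well as the value
        hit = META.search(key[len(PARAM):]) or META.search(value)
        if hit:
            findings.append((key, value, hit.group()))
        elif numeric_only and not value.isdigit():
            # Assumption: legitimate values are numeric file IDs
            findings.append((key, value, "non-numeric"))
    return findings


# Constructed sample bodies; sName and sDescription are hypothetical fields
SAMPLES = [
    "sName=page&aFilesDelete%5B%5D=4&aFilesDelete%5B%5D=7",
    "sDescription=it%27s+fine&aFilesDelete%5B%5D=4",
    "aFilesDelete%5B%5D=4%27",
    "aFilesDelete%5B%5D=4+--+x",
    "aFilesDelete%5B%5D=abc",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", inspect_body(body, numeric_only=True))
```

The digits-only mode is the stricter of the two checks: it flags any value that is not a plain number, whether or not it contains a listed metacharacter.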
## References
- Vendor advisories: None provided/Vendor did not respond with details.
- Relevant links (defanged):
  - hxxps://incydent.cert.pl/#!/lang=en
  - hxxps://www.cve.org/CVERecord?id=CVE-2025-12465
  - hxxps://cert.pl/en/cvd/