CVE-2025-1869

Critical

Published: 03 March 2025

Published

03 March 2025

Modified

07 March 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0012 30.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "username" parameter in admin/check_avalability.php.

Security Summary

CVE-2025-1869 is a SQL injection vulnerability (CWE-89) discovered in the 101news software, affecting version 1.0 via the "username" parameter in the admin/check_avalability.php component. Published on 2025-03-03T13:15:11.950, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for widespread remote exploitation.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation enables high-impact consequences across confidentiality, integrity, and availability, allowing arbitrary SQL code execution to extract sensitive data, modify database contents, or disrupt service availability.

The INCIBE advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-101news provides details on this and related vulnerabilities in 101news, including recommended mitigations.

Details

CWE(s): CWE-89

Affected Products

mayurik

best online news portal

1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-101news
Third Party Advisory · cve-coordination@incibe.es