CVE-2025-30372
Published: 28 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-30372 is an SQL injection vulnerability affecting Emlog Pro, an open source website building system, specifically in versions pro-2.5.7 and pro-2.5.8. The issue resides in the `search_controller.php` file, which fails to apply addslashes after urldecode, enabling attackers to bypass prior addslashes protections through URL double encoding. This flaw, classified under CWE-89, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By crafting malicious requests with double-encoded payloads, they can inject SQL code, potentially leading to leakage of sensitive information from the user database and broader compromise given the high CVSS impacts on integrity and availability.
The GitHub security advisory (GHSA-w6xc-r6x5-m77c) confirms that Emlog Pro version pro-2.5.9 addresses the vulnerability. Security practitioners should upgrade to this patched version immediately and review access logs for suspicious search queries involving double-encoded URLs.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The SQL injection vulnerability in the public-facing Emlog Pro web application directly enables remote unauthenticated exploitation, mapping to T1190: Exploit Public-Facing Application. The double-encoding bypass and critical CVSS impacts confirm this as the primary technique facilitated by the flaw.