Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-10122— Maccms10 Database.php rep sql injection

CVSS 4.7 · Medium EPSS 0.04% · P11
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-10122

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Maccms10 Database.php rep sql injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
maccms10 SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
maccms10是magicblack开源的一套采用 PHP+MYSQL 环境下运行的完善而强大的快速建站系统。 maccms10 2025.1000.4050版本存在SQL注入漏洞,该漏洞源于对文件application/admin/controller/Database.php中函数rep的参数where的错误操作导致SQL注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Maccms10 2025.1000.4050 -

II. Public POCs for CVE-2025-10122

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-10122

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-09-09 · 33 CVEs total

CVE-2025-101167.3 HIGHSiempreCMS file_upload.php unrestricted upload
CVE-2025-101157.3 HIGHSiempreCMS user_search_ajax.php sql injection
CVE-2025-101216.3 MEDIUMuverif kami_list addbatch sql injection
CVE-2025-57072Tenda G3 安全漏洞
CVE-2025-29089TP-LINK AX10 安全漏洞
CVE-2025-44593Halo 安全漏洞
CVE-2025-44595Halo 安全漏洞
CVE-2025-44594Halo 安全漏洞
CVE-2025-57633FTP-Flask-python 安全漏洞
CVE-2025-57060Tenda G3 安全漏洞
CVE-2025-57085Tenda W30E 安全漏洞
CVE-2025-57278LB-Link BL-CPE300M AX300 4G LTE Router 安全漏洞
CVE-2025-57078Tenda G3 安全漏洞
CVE-2025-57086Tenda W30E 安全漏洞
CVE-2025-57665Element Plus 安全漏洞
CVE-2025-57061Tenda G3 安全漏洞
CVE-2025-52277YesWiki 安全漏洞
CVE-2025-57063Tenda G3 安全漏洞
CVE-2025-57070Tenda G3 安全漏洞
CVE-2025-57064Tenda G3 安全漏洞

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-89

V. Comments for CVE-2025-10122

No comments yet

Leave a comment