CVE-2025-10115

Published
View on NVD ↗
CVSS v3
7.3
HIGH
CVSS v2
7.5
HIGH
Affected
1
PROJECT

Description

A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

drew-byte/SiempreCMS-SQLi-POC
drew-byte/SiempreCMS-SQLi-POC
The user_search_ajax.php file is vulnerable to SQL injection due to improper handling of user-supplied input. User inputs are passed directly to the database query without proper parameterization or prepared statements.
GitHubGitHub