{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9399","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-08-24T14:47:36.125Z","datePublished":"2025-08-25T00:02:05.588Z","dateUpdated":"2025-08-25T20:28:32.941Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-08-25T00:02:05.588Z"},"title":"YiFang CMS L_tool.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"YiFang","product":"CMS","versions":[{"version":"2.0.0","status":"affected"},{"version":"2.0.1","status":"affected"},{"version":"2.0.2","status":"affected"},{"version":"2.0.3","status":"affected"},{"version":"2.0.4","status":"affected"},{"version":"2.0.5","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In YiFang CMS bis 2.0.5 ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Verarbeitung der Datei app/logic/L_tool.php. Mittels dem Manipulieren des Arguments new_url mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Es ist möglich, den Angriff aus der Ferne durchzuführen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-08-24T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-08-24T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-08-24T16:52:45.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Yu Bao (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.321235","name":"VDB-321235 | YiFang CMS L_tool.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.321235","name":"VDB-321235 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.632534","name":"Submit #632534 | YiFang YiFang CMS 2.0.5 SQL injection","tags":["third-party-advisory"]},{"url":"https://github.com/August829/Yu/blob/main/20250811_4.md","tags":["related"]},{"url":"https://github.com/August829/Yu/blob/main/20250811_4.md#poc","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-25T20:28:21.328432Z","id":"CVE-2025-9399","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-25T20:28:32.941Z"}}]}}