CVE-2025-10122

EUVD-2025-27220
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
4.7 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
maccmsmaccms
10.0:2025.1000.4050
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/August829/Yu/blob/main/58ead8e7e08bfb016.md
https://vuldb.com/?ctiid.323092
https://vuldb.com/?id.323092
https://vuldb.com/?submit.645702