CVE-2024-25400

9.8 CRITICAL

📋 TL;DR

This disputed CVE claims that Subrion CMS 4.2.1 has a SQL injection vulnerability in ia.core.mysqli.php, potentially allowing attackers to execute arbitrary SQL commands. However, third parties dispute that the vulnerability exists, since the file reportedly lacks external input mechanisms. Organizations using Subrion CMS 4.2.1 should verify their exposure.

💻 Affected Systems

Products:
  • Subrion CMS
Versions: 4.2.1
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Vulnerability is disputed by multiple third parties who claim the reported file lacks external input mechanisms

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, privilege escalation, or system takeover, if the vulnerability exists and is exploited

🟠 Likely Case

Limited impact, given the disputed nature of the report and the lack of proven exploitation vectors

🟢 If Mitigated

No impact if proper input validation and parameterized queries are already implemented

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

No confirmed exploitation due to disputed nature; requires specific conditions if vulnerability exists

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not applicable

Vendor Advisory: https://github.com/intelliants/subrion/issues/910

Restart Required: No

Instructions:

1. Review the disputed GitHub issue
2. Verify if your installation uses the reported file
3. Consider upgrading to latest Subrion version if concerned

🔧 Temporary Workarounds

Input Validation Enhancement (platform: all)

Implement strict input validation and parameterized queries for all database operations

File Access Restriction (platform: linux)

Restrict direct access to PHP class files via web server configuration

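# Apache: add to .htaccess (2.2 syntax; on Apache 2.4 it needs mod_access_compat,
# or replace both directives with "Require all denied")
<Files "ia.core.mysqli.php">
    Order Allow,Deny
    Deny from all
</Files>
# Nginx: add to the server block, before the generic \.php$ location
# (the first matching regex location wins)
location ~* /ia\.core\.mysqli\.php$ {
    deny all;
}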

🧯 If You Can't Patch

  • Implement web application firewall with SQL injection rules
  • Restrict database user permissions to minimum required

🔍 How to Verify

Check if Vulnerable:

Check if Subrion CMS version is 4.2.1 and review the ia.core.mysqli.php file for SQL injection vulnerabilities

Check Version:

Check Subrion CMS admin panel or review includes/constants.php for version information

Verify Fix Applied:

Verify file modifications or upgrade to newer version

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries
  • Access attempts to ia.core.mysqli.php
  • SQL error messages in logs

Network Indicators:

  • Unusual POST/GET parameters with SQL syntax
  • Requests to PHP class files

SIEM Query:

source="web_logs" AND (uri="*ia.core.mysqli.php*" OR message="*SQL*" OR message="*database*error*")
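
The log indicators above applied to web access logs, as an added example that is not part of the original advisory or of Subrion's code: it flags direct requests for ia.core.mysqli.php, checks whether the File Access Restriction workaround answered them with 403, and flags SQL syntax in query strings. The combined log format, the sample lines and the PLACEHOLDER directory are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

CLASS_FILE = "ia.core.mysqli.php"  # file named in the CVE report
# Combined log format: ip - - [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Heuristic only: SQL syntax in a decoded query string (expect false positives).
SQL_HINT = re.compile(r"'|\bunion\s+(all\s+)?select\b|\bsleep\s*\(|/\*", re.I)

def classify(line):
    """Return findings for one access-log line; an empty list means no match."""
    m = LOG_RE.match(line)
    if not m:
        return []
    ip, _method, target, status = m.groups()
    parts = urlsplit(target)
    findings = []
    # Decode before comparing so ia%2Ecore.mysqli.php is still recognised.
    if unquote(parts.path).lower().rsplit("/", 1)[-1] == CLASS_FILE:
        findings.append(("class-file-request", ip, status))
    if SQL_HINT.search(unquote_plus(parts.query)):
        findings.append(("sql-syntax-in-query", ip, status))
    return findings

def restriction_effective(lines):
    """True if every direct request for the class file was answered with 403."""
    hits = [f for l in lines for f in classify(l) if f[0] == "class-file-request"]
    return bool(hits) and all(status == "403" for _, _, status in hits)

# Constructed sample lines (documentation IP ranges, placeholder directory).
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2024:09:58:00 +0000] "GET /PLACEHOLDER/ia.core.mysqli.php HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Mar/2024:10:00:00 +0000] "GET /PLACEHOLDER/ia%2Ecore.mysqli.php HTTP/1.1" 403 153 "-" "curl/8.0"',
    '198.51.100.4 - - [01/Mar/2024:10:01:00 +0000] "GET /index.php?q=1%27+UNION+SELECT+1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Mar/2024:10:02:00 +0000] "GET /blog/?page=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        for finding in classify(line):
            print(finding)
    print("deny rule effective:", restriction_effective(SAMPLE))
```

A class-file request answered with anything other than 403 means the deny rule is missing or not matching for that virtual host.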
