CVE-2025-25516

9.8 CRITICAL

📋 TL;DR

Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_paylog.php that allows attackers to execute arbitrary SQL commands. This affects all Seacms installations running vulnerable versions, potentially compromising the underlying database. Attackers could exploit this to steal sensitive data, modify content, or gain administrative access.

💻 Affected Systems

Products:
  • Seacms
Versions: <= 13.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin panel access, but authentication bypass may be possible through other vectors.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, website defacement, privilege escalation to admin, and potential server takeover by chaining the SQL injection to RCE.

🟠 Likely Case

Unauthorized access to sensitive payment logs, user data extraction, and potential administrative account takeover.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and WAF protection blocking malicious SQL patterns.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin panel access; SQL injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check for an official patch from the Seacms developers.
2. If no patch is available, upgrade to the latest version if one exists.
3. Apply manual fixes to admin_paylog.php.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

Add proper input validation and parameterized queries to admin_paylog.php.

Edit admin_paylog.php to use prepared statements with PDO or mysqli.

Access Restriction (applies to: all)

Restrict access to admin_paylog.php to trusted IP addresses only.

Add .htaccess rules or web server configuration to limit access.

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) with SQL injection rules
  • Disable or rename admin_paylog.php if not required

🔍 How to Verify

Check if Vulnerable:

Check if Seacms version is <= 13.3 and review admin_paylog.php for unsanitized input parameters

Check Version:

Check Seacms version in admin panel or readme files

Verify Fix Applied:

Test admin_paylog.php with SQL injection payloads after applying fixes

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts to admin panel
  • Suspicious POST requests to admin_paylog.php

Network Indicators:

  • SQL injection patterns in HTTP requests
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (uri="*admin_paylog.php*" AND (payload="*UNION*" OR payload="*SELECT*" OR payload="*INSERT*"))
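As an added example (not part of the advisory), the SIEM query above expressed as a small Python scanner over web access-log lines. The log lines, the `page` parameter and the request paths are constructed, since the advisory does not name the vulnerable parameter; the scanner also percent-decodes repeatedly, because a plain `*UNION*` wildcard on the raw URI misses double-encoded requests, and it flags POSTs to the script for review since an access log does not show their bodies.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2025:10:00:01 +0000] "GET /admin_paylog.php?page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Mar/2025:10:00:09 +0000] "GET /admin_paylog.php?page=1%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 200 4096 "-" "curl/8.0"
10.0.0.7 - - [10/Mar/2025:10:00:12 +0000] "POST /admin_paylog.php HTTP/1.1" 200 300 "-" "curl/8.0"
10.0.0.9 - - [10/Mar/2025:10:01:00 +0000] "GET /index.php?q=select%20a%20seat HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Keywords from the advisory's SIEM query plus the quote/comment characters that
# usually accompany them. Word boundaries keep words like "selection" from matching.
SQL_TOKENS = re.compile(r"\b(UNION|SELECT|INSERT|UPDATE|DELETE)\b|'|--", re.IGNORECASE)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded input (%2527 -> %27 -> ') is seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_access_log(log_text: str, target: str = "admin_paylog.php") -> list[dict]:
    """One finding per request to `target` whose query string carries SQL tokens,
    plus one review finding per POST to `target` (body not visible in access logs)."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path, _, query = m["uri"].partition("?")
        if not path.endswith("/" + target):
            continue
        decoded = fully_decode(query)
        hit = SQL_TOKENS.search(decoded)
        if hit:
            reason = f"sql token {hit.group(0)!r} in decoded query: {decoded}"
        elif m["method"] == "POST":
            reason = "POST to target; body not logged, review application/DB logs"
        else:
            continue
        findings.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"], "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```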
