Login Sign Up

CVE-2025-3559

6.3 MEDIUM
SQL Injection

📋 TL;DR

This critical SQL injection vulnerability in ghostxbh uzy-ssm-mall 1.0.0 allows remote attackers to execute arbitrary SQL commands by manipulating the orderBy parameter in the ForeProductListController endpoint. Attackers can potentially access, modify, or delete database content. All users running the vulnerable version are affected.

💻 Affected Systems

Products:
  • ghostxbh uzy-ssm-mall
Versions: 1.0.0
Operating Systems: All platforms running the application
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable

📦 What is this software?

Uzy Ssm Mall by Ghostxbh

View all CVEs affecting Uzy Ssm Mall →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, or full system takeover via SQL injection to RCE chaining

🟠

Likely Case

Unauthorized data access, data manipulation, and potential privilege escalation through database exploitation

🟢

If Mitigated

Limited impact with proper input validation and database permissions restricting damage to non-sensitive data

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available and the attack can be initiated remotely without authentication

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation for the orderBy parameter to allow only safe characters

Implement parameterized queries or prepared statements in the ForeProductListController

Web Application Firewall

all

Deploy WAF with SQL injection protection rules

Configure WAF to block requests containing SQL injection patterns to /mall/product/*

🧯 If You Can't Patch

  • Block external access to the vulnerable endpoint using network ACLs or firewall rules
  • Implement database user with minimal privileges and enable audit logging for all database queries

🔍 How to Verify

Check if Vulnerable:

Test the /mall/product/0/20 endpoint with SQL injection payloads in the orderBy parameter

Check Version:

Check application version in configuration files or about page

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and parameterized queries are implemented

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts following SQL injection patterns
  • Requests to /mall/product/* with suspicious orderBy parameters

Network Indicators:

  • HTTP requests containing SQL keywords (UNION, SELECT, INSERT) in URL parameters
  • Abnormal traffic patterns to the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="/mall/product/*" AND (orderBy CONTAINS "UNION" OR orderBy CONTAINS "SELECT" OR orderBy CONTAINS "INSERT")

📊 Metadata

CVE ID: CVE-2025-3559
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74
EPSS Score: 0.22% exploit probability (44th percentile)
Published: April 14, 2025
Last Updated: October 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-3559, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)