CVE-2025-3792

4.7 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands through the /admin_link.php endpoint. Attackers can potentially read, modify, or delete database content. All SeaCMS installations up to version 13.3 are affected.

💻 Affected Systems

Products:
  • SeaCMS
Versions: up to 13.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the admin_link.php component which is part of standard SeaCMS installations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution via database functions.

🟠 Likely Case: Unauthorized data access, data manipulation, and potential administrative account takeover leading to website defacement or further compromise.

🟢 If Mitigated: Limited impact if proper input validation and WAF rules block malicious SQL payloads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin access to reach the vulnerable endpoint, but SQL injection payloads are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor SeaCMS official channels for security updates.
2. Upgrade to version 13.4 or higher when available.
3. Apply the patch manually if provided by the vendor.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add input validation to sanitize the e_id parameter in admin_link.php: edit /admin_link.php and add parameter validation before SQL execution.

WAF Rule Implementation (applies to: all)

Deploy web application firewall rules to block SQL injection patterns: add a WAF rule to detect and block SQL injection attempts on /admin_link.php.

🧯 If You Can't Patch

  • Restrict access to /admin_link.php endpoint using IP whitelisting or authentication requirements
  • Implement database user privilege separation to limit potential damage from SQL injection

🔍 How to Verify

Check if Vulnerable:

Check SeaCMS version in admin panel or by examining source files. If version is 13.3 or lower, assume vulnerable.

Check Version:

Check admin panel or examine includes/common.php for version information

Verify Fix Applied:

Test the vulnerable endpoint with safe SQL injection payloads to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts to admin panel
  • Requests to /admin_link.php with SQL-like parameters

Network Indicators:

  • HTTP POST requests to /admin_link.php containing SQL keywords
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/admin_link.php" AND (payload CONTAINS "UNION" OR payload CONTAINS "SELECT" OR payload CONTAINS "INSERT")
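As an added illustration of the log indicators above (example code, not part of this advisory), a small Python scanner that reads constructed access-log lines and flags requests to /admin_link.php whose query parameters carry SQL keywords or whose e_id is not an integer. The Apache combined log format, the sample lines and the keyword list are assumptions; POST bodies are not present in access logs, so suspicious_params() is written to accept decoded bodies from WAF or request logs as well.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format (not real traffic);
# line 2 carries an injection attempt in e_id, line 4 is a plain POST.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2025:10:01:02 +0000] "GET /admin_link.php?action=edit&e_id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2025:10:01:09 +0000] "GET /admin_link.php?action=edit&e_id=3%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2025:10:02:00 +0000] "GET /index.php?id=5 HTTP/1.1" 200 300 "-" "curl/8.0"
203.0.113.5 - - [10/May/2025:10:03:11 +0000] "POST /admin_link.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Keywords from the SIEM query plus the quote/comment markers that usually
# accompany them; tune per deployment to limit false positives.
SQL_RE = re.compile(r"\b(UNION|SELECT|INSERT|UPDATE|DELETE)\b|--|/\*|'", re.IGNORECASE)
WATCHED_PATH = "/admin_link.php"


def suspicious_params(params):
    """Reasons a parameter dict (query string, or a decoded POST body from
    WAF/request logs) looks like an injection attempt; [] when clean."""
    reasons = []
    for key, values in params.items():
        if any(SQL_RE.search(v) for v in values):
            reasons.append(f"sql pattern in {key}")
    # e_id is the parameter named in the advisory and should only be an integer.
    if any(not v.isdigit() for v in params.get("e_id", [])):
        reasons.append("non-numeric e_id")
    return reasons

def classify(line):
    """Return a finding for a suspicious request to the watched path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != WATCHED_PATH:
        return None
    # parse_qs percent-decodes values, so encoded payloads are inspected in clear.
    reasons = suspicious_params(parse_qs(url.query, keep_blank_values=True))
    if not reasons:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"),
            "method": m.group("method"), "reasons": reasons}

def scan(log_text):
    """Run classify() over every line of an access log and collect the findings."""
    return [rec for rec in map(classify, log_text.splitlines()) if rec]
```

Requests to other paths and the plain POST are not flagged; the e_id integer check catches payloads that use none of the listed keywords.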
