CVE-2025-6009

4.7 MEDIUM

📋 TL;DR

This is a critical SQL injection vulnerability in the like-girl software version 5.2.0. Attackers can remotely exploit the /admin/ipAddPost.php file by manipulating the bz/ipdz parameters to execute arbitrary SQL commands. Organizations using this software are at risk of data theft, modification, or deletion.

💻 Affected Systems

Products:
  • kiCode111 like-girl
Versions: 5.2.0
Operating Systems: All platforms running the software
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the bz/ipdz parameters handled by the /admin/ipAddPost.php file

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data exfiltration, privilege escalation, or system takeover

🟠

Likely Case

Unauthorized data access, modification, or deletion from the application database

🟢

If Mitigated

Limited impact due to proper input validation and database permissions

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects an admin interface
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin access to reach the vulnerable endpoint, but SQL injection is straightforward once authenticated

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider workarounds or replacing the software.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Add input validation to sanitize the bz/ipdz parameters before processing

Modify /admin/ipAddPost.php to validate and sanitize user input

Web Application Firewall (applies to: all platforms)

Deploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint

Configure WAF to block requests containing SQL injection patterns to /admin/ipAddPost.php

🧯 If You Can't Patch

  • Restrict access to /admin/ directory using network controls or authentication
  • Monitor database logs for unusual SQL queries and implement database activity monitoring

🔍 How to Verify

Check if Vulnerable:

Check if /admin/ipAddPost.php exists and accepts the bz/ipdz parameters without proper input validation

Check Version:

Check software version in configuration files or admin interface

Verify Fix Applied:

Test the vulnerable endpoint with SQL injection payloads to confirm they are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts to admin interface
  • Requests to /admin/ipAddPost.php with SQL keywords

Network Indicators:

  • HTTP POST requests to /admin/ipAddPost.php containing SQL injection patterns

SIEM Query:

source="web_logs" AND uri="/admin/ipAddPost.php" AND (request_body CONTAINS "UNION" OR request_body CONTAINS "SELECT" OR request_body CONTAINS "INSERT")
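The SIEM query above matches bare keywords, which a free-text note in bz will trigger by itself. As an added example (not from the advisory or the like-girl project), the following Python checks the bz/ipdz values of requests to /admin/ipAddPost.php against SQL keyword sequences instead, after URL-decoding; the log layout and the sample lines are constructed assumptions.

```python
from __future__ import annotations

import re
from urllib.parse import parse_qs, unquote_plus

# Endpoint and parameters named in the advisory.
TARGET_URI = "/admin/ipAddPost.php"
WATCHED_PARAMS = ("bz", "ipdz")

# Keyword sequences rather than single words: a lone "SELECT" or "INSERT"
# in a note field is ordinary text, "UNION SELECT" or "INSERT INTO" is not.
SQL_PATTERNS = {
    "union_select": re.compile(r"\bUNION\b(?:\s+ALL)?\s+SELECT\b", re.I),
    "select_from": re.compile(r"\bSELECT\b.+\bFROM\b", re.I),
    "insert_into": re.compile(r"\bINSERT\s+INTO\b", re.I),
}

# Assumed log layout: method, URI, then the raw POST body in double quotes.
LOG_RE = re.compile(r'^(?P<method>\S+) (?P<uri>\S+) "(?P<body>[^"]*)"$')

# Constructed sample lines, not captured traffic.
SAMPLE_LOGS = [
    'POST /admin/ipAddPost.php "bz=office+printer&ipdz=192.168.1.10"',
    'POST /admin/ipAddPost.php "bz=test&ipdz=1+UNION+SELECT+1"',
    'POST /admin/ipAddPost.php "bz=select+a+name+for+this+entry&ipdz=10.0.0.5"',
    'POST /admin/ipAddPost.php "bz=note&ipdz=%2531%2520union%2520select%25201"',
    'POST /admin/login.php "user=admin&pass=UNION+SELECT"',
]


def flag_request(line: str) -> dict[str, list[str]] | None:
    """Return {param: [pattern names]} for a hit on the watched endpoint, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("uri") != TARGET_URI:
        return None
    params = parse_qs(m.group("body"), keep_blank_values=True)  # first URL-decode pass
    hits: dict[str, list[str]] = {}
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            decoded = unquote_plus(value)  # second pass catches double-encoded values
            found = [label for label, rx in SQL_PATTERNS.items() if rx.search(decoded)]
            if found:
                hits[name] = found
    return hits or None


def scan_logs(lines: list[str]) -> list[tuple[int, dict[str, list[str]]]]:
    """1-based line numbers and hits for every flagged request."""
    return [(i, h) for i, line in enumerate(lines, 1) if (h := flag_request(line))]


if __name__ == "__main__":
    for lineno, hits in scan_logs(SAMPLE_LOGS):
        print(f"line {lineno}: {hits}")
```

Line 3 is left alone because "select" there is plain text, and line 4 is caught only because of the second decoding pass.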

🔗 References