CVE-2025-6100
📋 TL;DR
This critical SQL injection vulnerability in realguoshuai open-video-cms 1.0 allows remote attackers to execute arbitrary SQL commands via the 'sort' parameter in the /v1/video/list endpoint. Attackers can potentially read, modify, or delete database content, and in some cases achieve remote code execution. All deployments of open-video-cms 1.0 with the vulnerable endpoint exposed are affected.
💻 Affected Systems
- realguoshuai open-video-cms
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, and potential remote code execution on the underlying server.
Likely Case
Database information disclosure, data manipulation, and potential privilege escalation within the application.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only error messages or partial data exposure.
🎯 Exploit Status
Public proof-of-concept exists, making exploitation straightforward for attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: unknown
Vendor Advisory: none
Restart Required: No
Instructions:
No official patch available. Consider migrating to alternative software or implementing workarounds.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Implement WAF rules to block SQL injection patterns in the 'sort' parameter
Input Validation Filter
Add server-side validation to restrict 'sort' parameter to safe values only
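One way to implement the input validation workaround above, as an added example that is not part of the original advisory or the open-video-cms code base: the 'sort' value is mapped through an allowlist to fixed column names, so no client text reaches the ORDER BY clause. The table, the column names and the key:direction format are assumptions.

```python
import sqlite3

# Hypothetical allowlist: client-facing sort keys -> fixed SQL column names.
# The real open-video-cms schema is not shown on the page; these are assumed.
SORT_COLUMNS = {"id": "id", "title": "title", "created": "created_at"}
DEFAULT_ORDER = "id ASC"


def build_order_by(sort):
    """Return an ORDER BY fragment built only from allowlisted constants.

    Accepts "key" or "key:asc" / "key:desc". Anything else, including the
    probe quoted in the advisory, falls back to DEFAULT_ORDER, so no
    client-supplied text is ever concatenated into the SQL statement.
    """
    if not isinstance(sort, str):
        return DEFAULT_ORDER
    key, _, direction = sort.strip().lower().partition(":")
    column = SORT_COLUMNS.get(key)
    if column is None or direction not in ("", "asc", "desc"):
        return DEFAULT_ORDER
    return f"{column} {(direction or 'asc').upper()}"


def list_videos(conn, sort, limit=20):
    # ORDER BY identifiers cannot be bound as parameters, so the column comes
    # from the allowlist; values such as LIMIT are still bound normally.
    query = f"SELECT id, title FROM video ORDER BY {build_order_by(sort)} LIMIT ?"
    return conn.execute(query, (limit,)).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")  # constructed sample data
    conn.execute("CREATE TABLE video (id INTEGER, title TEXT, created_at TEXT)")
    conn.executemany(
        "INSERT INTO video VALUES (?, ?, ?)",
        [(1, "b-roll", "2025-01-02"), (2, "a-intro", "2025-01-01")],
    )
    return {
        "title": list_videos(conn, "title"),
        "created_desc": list_videos(conn, "created:desc"),
        "probe": list_videos(conn, "1' OR '1'='1"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Rejecting the request with an HTTP 400 instead of falling back to the default order is an equally valid choice and makes probing visible in the access logs.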
🧯 If You Can't Patch
- Block external access to the /v1/video/list endpoint using network ACLs or firewall rules
- Run the application with a database user that has minimal permissions (read-only if possible)
🔍 How to Verify
Check if Vulnerable:
Test the /v1/video/list endpoint with SQL injection payloads in the 'sort' parameter (e.g., sort=1' OR '1'='1)
Check Version:
Check application configuration files or package manager for version information
Verify Fix Applied:
Verify that SQL injection payloads no longer execute and return appropriate error messages or sanitized responses
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple requests with SQL-like patterns in 'sort' parameter
- Database connection errors
Network Indicators:
- HTTP requests to /v1/video/list with SQL keywords in parameters
- Unusual database traffic patterns
SIEM Query:
source="web_logs" AND uri="/v1/video/list" AND (param="sort" AND value MATCHES "(?i)\b(union|select|insert|update|delete|drop|exec|or|and)\b")