SQL Injection Vulnerability in JoeyBling Bootplus Admin Interface
CVE-2025-0701
Key Information:
Badges
What is CVE-2025-0701?
A critical SQL injection vulnerability has been identified in the JoeyBling bootplus product, specifically in the admin interface under the /admin/sys/user/list endpoint. This issue arises from inadequate input validation on the 'sort' argument, which could allow an attacker to manipulate database queries. The potential for remote exploitation raises significant security concerns, as unauthorized access to sensitive data may be achievable. As the product utilizes rolling releases, specific version details for both affected and patched releases remain unspecified, highlighting the need for immediate attention and possible remediation strategies.
Affected Version(s)
bootplus 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved