SQL Injection Vulnerability in SiempreCMS by Siempre
CVE-2025-10115
Key Information:
- Vendor
Siempre
- Status
- Vendor
- CVE Published:
- 9 September 2025
Badges
What is CVE-2025-10115?
A SQL injection vulnerability exists in SiempreCMS versions up to 1.3.6, specifically within the user_search_ajax.php file. This flaw allows attackers to manipulate input parameters, potentially leading to unauthorized access and data exposure. As this exploit can be initiated remotely, organizations using the affected versions are strongly urged to implement necessary security measures to mitigate the risk. The vulnerability has been publicly disclosed, raising concerns for users and necessitating immediate attention.
Affected Version(s)
SiempreCMS 1.3.0
SiempreCMS 1.3.1
SiempreCMS 1.3.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved