SQL Injection Vulnerability in Maccms10 Database Management Software
CVE-2025-10122

5.1MEDIUM

Key Information:

Vendor

Maccms

Status
Maccms10
Vendor
CVE Published:
9 September 2025

What is CVE-2025-10122?

A security flaw exists in Maccms10 version 2025.1000.4050 that allows attackers to perform SQL injection through manipulation of arguments in the 'rep' function located in application/admin/controller/Database.php. This vulnerability can be exploited remotely, making it essential for users to secure their installations. Publicly disclosed exploits may allow malicious parties to compromise database integrity. Immediate assessment and mitigation strategies are advised to secure affected systems.

Affected Version(s)

Maccms10 2025.1000.4050

References

https://vuldb.com/?id.323092
vdb-entrytechnical-description
https://vuldb.com/?ctiid.323092
signaturepermissions-required
https://vuldb.com/?submit.645702
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao (VulDB User)
.
CVE-2025-10122 : SQL Injection Vulnerability in Maccms10 Database Management Software