SQL Injection Vulnerability in MuFen-mker PHP-Usermm Product
CVE-2025-10967

6.9MEDIUM

Key Information:

Vendor: Mufen-mker
Status: PHP-usermm
Vendor: CVE Published:; 25 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-10967?

A SQL injection vulnerability exists in the MuFen-mker PHP-Usermm application, specifically within the '/chkuser.php' file. This flaw allows attackers to manipulate the 'Username' argument, which can lead to unauthorized access to the database. As an exploitable remote attack vector has been identified, this vulnerability poses significant security risks to users of the affected product. Despite the disclosure, the vendor has not responded to alerts regarding this serious issue, emphasizing the urgency of applying protective measures.

Affected Version(s)

PHP-Usermm 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-10967 - Proof of Concept

References

https://vuldb.com/?id.325834

vdb-entrytechnical-description

https://vuldb.com/?ctiid.325834

signaturepermissions-required

https://vuldb.com/?submit.653138

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 25, 2025
👾
Exploit known to exist
Sep 25, 2025
Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Sep 25, 2025

Credit

M0ker (VulDB User)

JSON

Mufen-mker