SQL Injection Vulnerability in 101news Affected by Admin Functionality
CVE-2025-1872

9.3CRITICAL

Key Information:

Vendor: Mayuri K
Status: 101news
Vendor: CVE Published:; 3 March 2025

What is CVE-2025-1872?

An SQL injection vulnerability has been identified in 101news, specifically impacting version 1.0. The flaw exists in the 'sadminusername' parameter located in the admin/add-subadmins.php file. This vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data and compromise the integrity of the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

101news 1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Mar 3, 2025

Credit

Rafael Pedrero

JSON

Mayuri K

What is CVE-2025-1872?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.