SQL Injection Vulnerability in markparticle WebServer Login Component
CVE-2025-3847

6.9MEDIUM

Key Information:

Vendor

Markparticle

Status
Webserver
Vendor
CVE Published:
21 April 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-3847?

A vulnerability has been identified in the markparticle WebServer, specifically within the Login component located in code/http/httprequest.cpp. This vulnerability allows attackers to exploit the system by manipulating the username and password parameters, leading to unauthorized access through SQL injection. The exploit can be executed remotely, raising significant security concerns for affected installations. As the details of this vulnerability have been publicly disclosed, it is crucial for users and administrators to take immediate steps to mitigate potential attacks.

Affected Version(s)

WebServer 1.0

References

https://vuldb.com/?id.305775
vdb-entrytechnical-description
https://vuldb.com/?ctiid.305775
signaturepermissions-required
https://vuldb.com/?submit.556275
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

s0l42 (VulDB User)
.