SQL Injection Vulnerability in AssamLook CMS Affecting Remote Access
CVE-2025-5431
5.3 MEDIUM
What is CVE-2025-5431?
A SQL injection vulnerability exists in the AssamLook CMS version 1.0, specifically within the /department-profile.php file. This flaw arises from improper handling of the 'ID' argument, allowing attackers to inject malicious SQL commands. The vulnerability can be exploited remotely, enabling unauthorized access to sensitive data. Although the vendor was notified about the issue, there has been no response, increasing the urgency for users to take protective measures.
Affected Version(s)
CMS 1.0
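
With no vendor fix available, one protective measure is to review web server access logs for requests to /department-profile.php whose 'ID' argument is not a plain number. The sketch below is an added example, not code from AssamLook or from this advisory; it assumes Combined Log Format logs and that legitimate 'ID' values are integers, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

TARGET_PATH = "/department-profile.php"  # file named in the advisory
PARAM = "id"                             # the 'ID' argument, compared case-insensitively
# Assumption: Combined Log Format, i.e. client ... "METHOD URI PROTOCOL" status size
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def suspicious_requests(lines):
    """Return (client, status, decoded_value) for requests whose ID is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, uri, status = m.groups()
        parts = urlsplit(uri)
        if not parts.path.lower().endswith(TARGET_PATH):
            continue
        # parse_qsl percent-decodes values, so encoded quotes and spaces appear in clear
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            # Assumption: a legitimate ID is 1 to 10 decimal digits
            if key.lower() == PARAM and not re.fullmatch(r"\d{1,10}", value):
                hits.append((client, int(status), value))
    return hits


# Constructed sample access-log lines (not taken from any real system)
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2025:10:00:01 +0000] "GET /department-profile.php?ID=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jun/2025:10:00:07 +0000] "GET /department-profile.php?ID=12%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [01/Jun/2025:10:00:09 +0000] "GET /cms/department-profile.php?id=12+AND+1%3D1 HTTP/1.1" 200 5120',
    '198.51.100.2 - - [01/Jun/2025:10:01:00 +0000] "GET /index.php?ID=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} ID={value!r}")
```

Only the query string is inspected, because request bodies are not recorded in standard access logs.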