Blind SQL Injection Vulnerability in Article Positioning for Affected Product
CVE-2025-8121

8.7 HIGH

Key Information:

Status
Vendor
CVE Published: 30 September 2025

What is CVE-2025-8121?

Input to the article positioning functionality is improperly neutralized, which allows authorized users to perform Blind SQL Injection attacks. The flaw affects all templates: www, bip, and ww+bip. Because the product is End-Of-Life, the vendor will not provide any patches, leaving systems vulnerable to exploitation.

Affected Version(s)

PAD CMS 0 <= 1.2.1

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mikołaj Matuszewski (CERT.PL)