Overview A critical vulnerability, identified as CVE-2025-65657, has been discovered in FeehiCMS version 2.1.1. This vulnerability allows an authenticated remote attacker to execute arbitrary code on the server through unrestricted file uploads within the ad management feature. By uploading a malicious PHP file, an attacker can gain complete control of the affected system. It’s crucial to understand the technical details and potential impact, and to implement the recommended mitigation steps to protect your FeehiCMS installation. Technical Details The vulnerability stems from insufficient validation and sanitization of uploaded files within the ad management module of FeehiCMS 2.1.1. An authenticated user with the necessary…
-
Overview CVE-2025-65380 details a significant SQL Injection vulnerability discovered in PHPGurukul Billing System version 1.0. This vulnerability exists in the admin/index.php endpoint, allowing attackers to potentially execute arbitrary SQL queries on the backend database by manipulating the username parameter. This can lead to unauthorized access to sensitive data, modification of data, or even complete compromise of the application and its underlying database server. Technical Details The vulnerability stems from the lack of proper sanitization and validation of user input within the admin/index.php script. Specifically, the username parameter is directly concatenated into an SQL query without any form of escaping or…
-
Overview CVE-2025-64778 is a high-severity vulnerability affecting NMIS/BioDose software, version 22.02 and previous versions. This vulnerability stems from the presence of plain text, hard-coded passwords within executable binaries. An attacker exploiting this flaw could gain unauthorized access to both the application and its underlying database, potentially leading to sensitive data exposure and system compromise. Technical Details The vulnerability lies in the inclusion of easily discoverable, hard-coded passwords within the application’s executable files. By reverse-engineering or inspecting the binaries, attackers can extract these credentials. These passwords grant privileged access to the NMIS/BioDose application and the connected database, allowing attackers to manipulate…
-
Overview A high-severity vulnerability, identified as CVE-2025-64642, has been discovered in NMIS/BioDose versions V22.02 and earlier. This vulnerability stems from insecure default file permissions on the software’s installation directory paths. In specific deployment scenarios, this flaw could allow users on client workstations to modify the program’s executables and libraries, potentially leading to significant security breaches. Technical Details The vulnerability arises from overly permissive file permissions granted to the installation directories of NMIS/BioDose software. Specifically, client workstation users might inadvertently or maliciously gain write access to critical system files. This access can be exploited to replace legitimate program components with malicious…
-
Overview CVE-2025-64298 is a high-severity vulnerability affecting NMIS/BioDose V22.02 and all prior versions when using the embedded Microsoft SQL Server Express in networked installations. The vulnerability stems from insecure default directory paths in the Windows share used by clients, leading to unauthorized access to sensitive SQL Server database and configuration files. Technical Details NMIS/BioDose, when deployed with the embedded SQL Server Express, utilizes a Windows share for client access. The default configuration of this share contains overly permissive directory paths. Specifically, these paths grant access to the SQL Server’s database files (.mdf, .ldf) and configuration files. An attacker with access…
-
Overview A critical security vulnerability, identified as CVE-2025-62575, has been discovered in NMIS/BioDose V22.02 and all previous versions. This vulnerability stems from the software’s reliance on a Microsoft SQL Server database and the default configuration that grants the ‘nmdbuser’ account, along with other created accounts, the sysadmin role. This excessive privilege allows for potential remote code execution (RCE) through the exploitation of built-in stored procedures. Technical Details The core of the vulnerability lies in the overly permissive database permissions granted to the default ‘nmdbuser’ account and other created accounts. The sysadmin role in Microsoft SQL Server provides virtually unrestricted access…
-
Overview CVE-2025-61940 is a high-severity vulnerability affecting NMIS/BioDose versions 22.02 and earlier. This vulnerability stems from the software’s reliance on a single, common SQL Server user account for database access. While the client application implements password authentication, the underlying database connection remains consistently accessible, potentially allowing unauthorized data access and manipulation. Technical Details The vulnerability lies in the fact that all users, regardless of their client-side credentials, ultimately connect to the SQL Server database using the same shared account. This bypasses the intended access controls enforced by the client application. An attacker who gains access to this shared database credential,…
-
Overview A critical SQL injection vulnerability, identified as CVE-2025-65877, has been discovered in Lvzhou CMS. This flaw affects versions prior to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (dated 2025-09-22). Exploitation of this vulnerability could allow attackers to execute arbitrary SQL queries, potentially leading to sensitive data exposure, modification, or even complete system compromise. Technical Details The vulnerability resides within the com.wanli.lvzhoucms.service.ContentService#findPage method. The ‘title’ parameter is directly concatenated into a dynamic SQL query without proper sanitization or the use of prepared statements. This insecure practice allows an attacker to inject malicious SQL code through the ‘title’ parameter. When the application executes the constructed SQL…
-
Overview A critical SQL Injection vulnerability, identified as CVE-2025-65379, has been discovered in PHPGurukul Billing System version 1.0. This vulnerability resides within the /admin/password-recovery.php endpoint and allows attackers to potentially compromise the application’s database by injecting malicious SQL code. Technical Details The vulnerability stems from the insufficient validation and sanitization of user-supplied input within the /admin/password-recovery.php script. Specifically, the username and mobileno parameters are directly concatenated into a backend SQL query without proper escaping. This allows a malicious actor to inject arbitrary SQL code by sending a specially crafted request to the password recovery endpoint. For example: /admin/password-recovery.php?username='; DROP TABLE…
-
Overview CVE-2025-13658 is a critical vulnerability affecting Longwatch devices that allows unauthenticated attackers to execute arbitrary code remotely. This vulnerability stems from the absence of code signing and execution controls, enabling unauthorized HTTP GET requests to exploit an exposed endpoint. Successful exploitation grants the attacker SYSTEM-level privileges, potentially leading to complete system compromise. Technical Details The vulnerability resides in an exposed endpoint within Longwatch devices. Due to the lack of proper authentication and authorization mechanisms, an unauthenticated attacker can send specially crafted HTTP GET requests to this endpoint. The absence of code signing and execution controls allows the attacker to…