SeaCMS SQL Injection Vulnerability in admin_members.php File

A SQL injection vulnerability has been identified in SeaCMS versions prior to 13.3. The issue arises in the admin_members.php file, specifically within the editsave action. Manipulation of the ID parameter allows for SQL injection, which can be exploited remotely. This vulnerability has been publicly disclosed and is distinct from another injection point addressed in CVE-2025-25513.

Impact

Exploitation of this vulnerability allows for time-based blind SQL injection, where an attacker can execute arbitrary SQL commands and potentially extract sensitive information from the database, such as usernames, password hashes, and configuration data.

Reproduction

The vulnerability can be reproduced by sending a POST request to the admin_members.php file with the editsave action. The ID parameter must be manipulated to include a crafted SQL injection payload, such as one that uses a time-based delay, like SLEEP(). This injection can be verified using SQLMap, a popular SQL injection exploitation tool.