DedeBIZ
cpe:2.3:a:dedebiz:dedebiz:*:*:*:*:*:*:*
- >= 6.3.0, <= 6.3.2
A critical SQL injection vulnerability exists in DedeBIZ CMS versions 6.3.0 through 6.3.2. The issue is located in the file admin/templets_one_edit.php, where the ids parameter is used in a database query without being validated as a list of integer IDs. A remote attacker with access to the administrative backend can inject arbitrary SQL through this parameter.
Successful exploitation allows arbitrary SQL injection: the injected statement can alter the query's logic and, using error-based techniques such as MySQL's extractvalue(), return database contents through error messages, so database information can be read or modified.
To reproduce this vulnerability, log into the DedeBIZ CMS backend (an authenticated session is required) and open the admin/templets_one.php page. Click 'Update Select Single page', which loads admin/templets_one_edit.php. Then send a request to admin/templets_one_edit.php with the ids parameter set to a crafted SQL payload, for example one that calls the extractvalue function so that the query result is echoed back in a database error message.
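The following added example is not DedeBIZ's code; it illustrates the bug class described above with an assumed query shape and a hypothetical single_pages table. The vulnerable builder concatenates the ids parameter into an IN (...) clause, as the advisory describes, so a generic error-based extractvalue() payload becomes part of the SQL; the hardened path parses ids strictly as comma-separated integers and binds them with placeholders (an in-memory SQLite table stands in for the real database, since SQLite has no extractvalue() and no database is needed to show the string-building flaw).

```python
import re
import sqlite3

# Hypothetical table, constructed for this example (not DedeBIZ's schema).
TABLE = "single_pages"

# Generic MySQL error-based payload of the kind the reproduction steps mention:
# EXTRACTVALUE() raises an XPath syntax error whose message echoes the
# injected subquery result, so data is exfiltrated through the error text.
EXTRACTVALUE_PAYLOAD = "1) and extractvalue(1,concat(0x7e,(select version()),0x7e))-- -"


def vulnerable_query(ids: str) -> str:
    """Illustrative flawed pattern: the raw ids parameter is concatenated
    into the statement, so any SQL inside it becomes part of the query."""
    return f"SELECT id, title FROM {TABLE} WHERE id IN ({ids})"


def parse_ids(ids: str) -> list[int]:
    """Hardened parsing: ids must be a comma-separated list of non-negative
    integers; anything else (spaces, parentheses, function calls) is rejected."""
    if not re.fullmatch(r"\d+(,\d+)*", ids):
        raise ValueError("ids must be a comma-separated list of integers")
    return [int(x) for x in ids.split(",")]


def is_payload_blocked(ids: str) -> bool:
    """True if the hardened parser rejects the value."""
    try:
        parse_ids(ids)
    except ValueError:
        return True
    return False


def safe_query(conn: sqlite3.Connection, ids: str) -> list[tuple]:
    """Hardened lookup: validated integers are bound via placeholders, so the
    SQL text never contains user-controlled characters."""
    id_list = parse_ids(ids)
    placeholders = ",".join("?" * len(id_list))
    sql = f"SELECT id, title FROM {TABLE} WHERE id IN ({placeholders}) ORDER BY id"
    return conn.execute(sql, id_list).fetchall()


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory sample data for running the hardened path offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        f"INSERT INTO {TABLE} VALUES (?, ?)",
        [(1, "about"), (2, "contact"), (3, "faq")],
    )
    return conn


if __name__ == "__main__":
    print("vulnerable:", vulnerable_query(EXTRACTVALUE_PAYLOAD))
    print("blocked by validation:", is_payload_blocked(EXTRACTVALUE_PAYLOAD))
    print("hardened result:", safe_query(demo_db(), "1,3"))
```

The whitelist regex is the important part: the payload needs a closing parenthesis, spaces and a function call to reach extractvalue(), and none of those survive a strict integer-list check, so even without prepared statements the injection would fail. Prepared statements are still used so that the validation is not the only line of defence.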