Philipinho Simple-PHP-Blog SQL Injection Vulnerability in edit.php

Vulnerability

A SQL injection vulnerability has been identified in Philipinho Simple-PHP-Blog in versions prior to commit 94b5d3e57308bce5dfbc44c3edafa9811893d958. The flaw is in edit.php, where the id parameter is used in a database query without being sanitized or type-checked, so a value that is not a plain integer is passed through to the query and can alter its SQL. The vulnerability is exploitable remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability lets an attacker manipulate the queries the application sends to its database. Depending on the privileges of the database account the application uses, this can lead to unauthorized reading of data, modification or deletion of data, or in some cases execution of administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to edit.php with a SQL injection payload in the id parameter. Because the parameter is not type-checked, a value other than a plain integer reaches the query unchanged, and standard SQL injection test techniques applied to the id value confirm that the injected SQL is executed.
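As an added illustration (not code from Simple-PHP-Blog; this advisory does not reproduce the project's actual edit.php source), the following PHP script models the pattern described above: a post id taken from the request and concatenated into the query, beside a hardened version that validates the id as a positive integer and binds it as a prepared-statement parameter. The query shape, the table name and the column names are assumptions. It runs stand-alone against an in-memory SQLite database through PDO (requires the pdo_sqlite extension).

```php
<?php
// Added illustrative example, not code from Simple-PHP-Blog.
// Models an edit handler that updates a post selected by an untrusted
// id, in the vulnerable form the advisory describes and in a hardened form.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
// Constructed sample data.
$db->exec("INSERT INTO posts (id, title, body) VALUES (1, 'first', 'hello'), (2, 'second', 'world')");

// Vulnerable pattern (assumed shape): the title is bound, but the id is
// concatenated straight into the SQL string with no type check, so any
// text in the id field becomes part of the WHERE clause.
function updateTitleVulnerable(PDO $db, $rawId, string $title): int {
    $stmt = $db->prepare("UPDATE posts SET title = :title WHERE id = " . $rawId);
    $stmt->bindValue(':title', $title);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows actually modified
}

// Hardened version: reject anything that is not a positive integer before
// it gets near the query, then bind the value as an integer parameter so
// the database never interprets it as SQL.
function updateTitleHardened(PDO $db, $rawId, string $title): int {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE posts SET title = :title WHERE id = :id');
    $stmt->bindValue(':title', $title);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed attacker input for the id POST field: turns
// "WHERE id = 1" into "WHERE id = 1 OR 1=1", matching every post.
$payload = '1 OR 1=1';

$affected = updateTitleVulnerable($db, $payload, 'overwritten');
printf("vulnerable: %d rows modified for id=%s\n", $affected, $payload);

// The hardened handler refuses the payload outright.
try {
    updateTitleHardened($db, $payload, 'overwritten');
} catch (InvalidArgumentException $e) {
    echo "hardened: rejected (" . $e->getMessage() . ")\n";
}

// With a legitimate id the hardened handler touches exactly one row.
$affected = updateTitleHardened($db, '2', 'renamed');
printf("hardened: %d row modified for id=2\n", $affected);
```

The vulnerable call reports two modified rows, which is the data-manipulation outcome the Impact section describes; the integer check alone would already stop this payload, but binding the id as a parameter is what removes the injection class entirely, since it also covers ids that pass a looser check.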

Added: Dec 8, 2025, 10:19 AM
Updated: Dec 8, 2025, 10:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.