Primary

Context

BiggiDroid Simple PHP CMS SQL Injection Vulnerability in Editsite.php

Vulnerability

A critical SQL injection vulnerability has been identified in BiggiDroid Simple PHP CMS version 1.0. The issue resides in the file '/admin/editsite.php', where the 'id' parameter is manipulated, leading to SQL injection. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the '/admin/editsite.php' file with a crafted 'id' parameter that includes SQL injection payloads. The lack of proper input sanitization allows the injected SQL code to be executed by the database, manipulating the application's data layer.

Added: Dec 29, 2025, 4:18 AM

Updated: Dec 29, 2025, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BiggiDroid Simple PHP CMS SQL Injection Vulnerability in Editsite.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating