Primary

Context

WeiPHP SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability exists in WeiPHP versions through 5.0, specifically within the SucaiController.class.php file and the cancelTemplate method. This vulnerability allows for remote exploitation by injecting malicious SQL payloads, potentially leading to unauthorized data access or manipulation.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the public/index.php/admin/Sucai/cancelTemplate endpoint. The injection point is identified in the cancelTemplate method of the SucaiController.class.php file. After manual injection testing, the vulnerability can be confirmed using SQL injection tools such as SQLMap.

Added: Sep 8, 2025, 7:20 PM

Updated: Sep 8, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

9.7

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

9.7

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WeiPHP SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

WeiPHP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating