Chyrp
cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*
- <= 2.5.2
A SQL injection vulnerability has been identified in Chyrp CMS versions through 2.5.2. This vulnerability allows authenticated attackers with admin access to manipulate SQL queries via the 'prefix' POST parameter in the Admin.php component. The lack of input validation or sanitization enables the injection of arbitrary SQL, potentially leading to unauthorized data access, data manipulation, or even a denial-of-service condition.
Exploitation of this vulnerability could result in unauthorized access to sensitive information, manipulation or deletion of database records, and a denial-of-service condition.
To reproduce this vulnerability, an authenticated administrator sends a POST request to the Admin.php component with a crafted 'prefix' parameter. The application executes the injected SQL, allowing the attacker to manipulate the database as the attacker intends.
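The advisory attributes the flaw to missing validation of 'prefix'. The following is an added example (PHP 8), not Chyrp's code and not part of the advisory: assuming the value is used as a database table prefix (the page does not say how it is used), it cannot be bound as a query parameter, so a hardened handler allowlists it before any SQL text is built. The helper names, the pattern and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not Chyrp code). Assumption: 'prefix' becomes part of a
// table name. Identifiers cannot be bound as prepared-statement parameters,
// so the value must pass a strict allowlist before it reaches SQL text.
//
// Unsafe shape (illustrative): "SELECT id FROM " . $_POST['prefix'] . "posts"

// Letter first, then letters/digits/underscore, 16 characters at most.
// \A and \z anchor the whole string; "$" would tolerate a trailing newline.
const PREFIX_PATTERN = '/\A[A-Za-z][A-Za-z0-9_]{0,15}\z/';

/** Hypothetical helper: return a safe prefix or throw. */
function validate_table_prefix(mixed $raw): string
{
    if ($raw === null || $raw === '') {
        return '';                       // no prefix configured
    }
    // A POST field can arrive as an array (prefix[]=...), so check the type.
    if (!is_string($raw) || preg_match(PREFIX_PATTERN, $raw) !== 1) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    return $raw;
}

/** Hypothetical helper: $table comes from code constants, never from input. */
function prefixed_table(mixed $rawPrefix, string $table): string
{
    return '`' . validate_table_prefix($rawPrefix) . $table . '`';
}

// Constructed sample inputs, standing in for $_POST['prefix'].
$samples = ['blog_', '', 'x`y', 'blog_;', ['nested'], str_repeat('a', 40)];
foreach ($samples as $raw) {
    try {
        echo 'accepted: SELECT id FROM ' . prefixed_table($raw, 'posts') . "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . json_encode($raw) . "\n";
    }
}
```

Rejecting the request outright, rather than stripping characters from the value, keeps the stored setting and the executed SQL in agreement.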