PAD CMS Blind SQL Injection Vulnerability

Vulnerability

A Blind SQL Injection vulnerability has been identified in the article positioning functionality of PAD CMS. The issue arises from improper neutralization of input provided by an authorized user, which allows SQL injection attacks whose results are not directly visible to the attacker. The vulnerability affects all three templates: www, bip, and ww+bip. PAD CMS is no longer supported, and the producer will not release patches for this vulnerability.

Impact

Exploitation of this vulnerability allows for Blind SQL Injection attacks, where an attacker can manipulate SQL queries and potentially access or modify database information without directly seeing the results of the injection.
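The weakness class described above, shown as a vulnerable position update beside a hardened one. This is an added example, not PAD CMS code: the articles table, its columns and the function names are hypothetical, and the sample rows are constructed.

```python
import re
import sqlite3

_PLAIN_INT = re.compile(r"[0-9]{1,9}")


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, position INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                   [(1, "News", 1), (2, "Contact", 2), (3, "Archive", 3)])
    return db


def set_position_unsafe(db, article_id, position):
    # Vulnerable pattern: request values are pasted into the SQL text, so any
    # SQL fragment in them becomes part of the statement. The caller only gets
    # a row count back, never query output, which is what makes it "blind".
    cur = db.execute(f"UPDATE articles SET position = {position} WHERE id = {article_id}")
    return cur.rowcount


def _as_int(value):
    # Accept only a short run of ASCII digits; reject everything else.
    text = str(value)
    if not _PLAIN_INT.fullmatch(text):
        raise ValueError(f"not a plain integer: {text!r}")
    return int(text)


def set_position_safe(db, article_id, position):
    # Hardened pattern: validate both values as integers, then pass them as
    # bound parameters so they can never be parsed as SQL.
    article_id, position = _as_int(article_id), _as_int(position)
    cur = db.execute("UPDATE articles SET position = ? WHERE id = ?", (position, article_id))
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    print("safe, valid input:", set_position_safe(db, "2", "5"), "row updated")
    try:
        set_position_safe(db, "2 OR 1=1", "9")
    except ValueError as exc:
        print("safe, malformed id rejected:", exc)
    print("unsafe, malformed id:", set_position_unsafe(db, "2 OR 1=1", "9"), "rows updated")
```

Because no patch will be released, the same two controls (strict integer validation and bound parameters) are what a local fix or a filtering layer in front of the application has to enforce for the positioning request.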

Added: Sep 30, 2025, 11:56 AM
Updated: Sep 30, 2025, 11:56 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.