CVE 6.9 MEDIUM

CesiumLab Web lodmodels sql injection_CVE-2025-8744

August 8, 2025 invoker category_cve

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

A critical SQL injection vulnerability in CesiumLab Web up to version 4.0 allows remote attackers to inject malicious SQL code via the ID argument in the lodmodels component.

Basic Information

ID CVE-2025-8744

Source VulDB

Published Aug 8, 2025 at 23:32

Affected Product

Vendor CesiumLab

Product Web

Version 4.0

Affected Versions CesiumLab Web 4.0

CWE Classification

CWE-89 CWE-74

AI Assessment

AI Severity Medium

Vendor CesiumLab

Product CesiumLab Web

Version 4.0

References

{
    "lastseen": "",
    "description": "A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-08T23:32:05.337Z",
    "modified": "2025-08-08T23:32:05.337Z",
    "type": "cve",
    "title": "CesiumLab Web lodmodels sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.319240\nhttps://vuldb.com/?ctiid.319240\nhttps://vuldb.com/?submit.616911",
    "id": "CVE-2025-8744",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "CesiumLab Web 4.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Web",
    "version": "4.0",
    "vendor": "CesiumLab",
    "ai_description": "A critical SQL injection vulnerability in CesiumLab Web up to version 4.0 allows remote attackers to inject malicious SQL code via the ID argument in the lodmodels component.",
    "ai_severity": "Medium",
    "ai_vendor": "CesiumLab",
    "ai_product": "CesiumLab Web",
    "ai_version": "4.0",
    "ai_score": 0
}

💭 Join the Security Discussion ❌ Cancel Reply