CVE 8.8 HIGH

my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter_CVE-2025-62606

October 22, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 2.5.12.

AI Analysis

SQL Injection vulnerability in the bookmark reordering feature of my little forum, allowing execution of arbitrary SQL commands and potential full compromise of the application's database.

Basic Information

ID CVE-2025-62606

Source GitHub_M

Published Oct 22, 2025 at 15:11

Modified Oct 22, 2025 at 17:21

Affected Product

Vendor My-Little-Forum

Product mylittleforum

Version < 2.5.12

Affected Versions My-Little-Forum mylittleforum < 2.5.12

CWE Classification

CWE-89

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor My-Little-Forum

Product mylittleforum

Version < 2.5.12

References

{
    "lastseen": "",
    "description": "my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 2.5.12.",
    "published": "2025-10-22T15:11:16.114Z",
    "modified": "2025-10-22T17:21:38.838Z",
    "type": "cve",
    "title": "my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter",
    "source": "GitHub_M",
    "references": "https://github.com/My-Little-Forum/mylittleforum/security/advisories/GHSA-m8hj-c6gr-6h6v\nhttps://github.com/My-Little-Forum/mylittleforum/releases/tag/20251021.1",
    "id": "CVE-2025-62606",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "My-Little-Forum mylittleforum < 2.5.12",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mylittleforum",
    "version": "< 2.5.12",
    "vendor": "My-Little-Forum",
    "ai_description": "SQL Injection vulnerability in the bookmark reordering feature of my little forum, allowing execution of arbitrary SQL commands and potential full compromise of the application's database.",
    "ai_severity": "High",
    "ai_vendor": "My-Little-Forum",
    "ai_product": "mylittleforum",
    "ai_version": "< 2.5.12",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply