CVE 8.6 HIGH

Blind SQL Injection in QuickCMS_CVE-2025-12465

December 2, 2025 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks.

The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

AI Analysis

Blind SQL injection vulnerability in QuickCMS via improper neutralization of input

Basic Information

ID CVE-2025-12465

Source CERT-PL

Published Dec 2, 2025 at 12:15

Affected Product

Vendor OpenSolution

Product QuickCMS

Version 6.8

Affected Versions OpenSolution QuickCMS 6.8

CWE Classification

CWE-89

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor OpenSolution

Product QuickCMS

Version 6.8

References

cert.pl /posts/2025/12/CVE-2025-12465/

{
    "lastseen": "",
    "description": "A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.",
    "published": "2025-12-02T12:15:22.605Z",
    "modified": "2025-12-02T12:15:50.252Z",
    "type": "cve",
    "title": "Blind SQL Injection in QuickCMS",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2025/12/CVE-2025-12465/",
    "id": "CVE-2025-12465",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "OpenSolution QuickCMS 6.8",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "QuickCMS",
    "version": "6.8",
    "vendor": "OpenSolution",
    "ai_description": "Blind SQL injection vulnerability in QuickCMS via improper neutralization of input",
    "ai_severity": "High",
    "ai_vendor": "OpenSolution",
    "ai_product": "QuickCMS",
    "ai_version": "6.8",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply