BiggiDroid Simple PHP CMS Admin Login login.php sql injection

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-15263

Source VulDB

Published Dec 30, 2025 at 18:32

Modified Dec 30, 2025 at 19:20

Affected Product

Vendor BiggiDroid

Product Simple PHP CMS

Version 1.0

Affected Versions BiggiDroid Simple PHP CMS 1.0

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.",
    "published": "2025-12-30T18:32:09.366Z",
    "modified": "2025-12-30T19:20:42.260Z",
    "type": "cve",
    "title": "BiggiDroid Simple PHP CMS Admin Login login.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338657\nhttps://vuldb.com/?ctiid.338657\nhttps://vuldb.com/?submit.725820\nhttps://gitee.com/devilrunsun/mywork/issues/IDGMME",
    "id": "CVE-2025-15263",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "BiggiDroid Simple PHP CMS 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Simple PHP CMS",
    "version": "1.0",
    "vendor": "BiggiDroid",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

BiggiDroid Simple PHP CMS Admin Login login.php sql injection_CVE-2025-15263