How to fix CVE-2025-34059?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Validate that input sanitization is in place for all user-controlled parameters.

Is PHP affected by CVE-2025-34059?

CVE-2025-34059 presents significant security risk, a SQL injection vulnerability rated CVSS 8.7. Successful exploitation could allow attackers to execute arbitrary code or commands on affected systems, potentially leading to full system compromise.

CVE-2025-34059

EUVD-2025-19638 HIGH

2025-07-01 [email protected]

PHP SQLi

8.7

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 01:42 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 01:42 euvd

EUVD-2025-19638

CVE Published

Jul 01, 2025 - 15:15 nvd

HIGH 8.7

DescriptionNVD

An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements and potentially disclose sensitive information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

AnalysisAI

Technical ContextAI

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

RemediationAI

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

CVE-2025-34059 vulnerability details – vuln.today

Back