CVE-2025-5400

EUVD-2025-16571 | HIGH 7.3 (CVSS 3.1) | 2025-06-01

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated | Mar 14, 2026 - 16:42 | vuln.today
EUVD ID Assigned | Mar 14, 2026 - 16:42 | euvd | EUVD-2025-16571
PoC Detected | Nov 10, 2025 - 20:15 | vuln.today | Public exploit code
CVE Published | Jun 01, 2025 - 09:15 | nvd | HIGH 7.3

Description

A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been classified as critical. Affected is an unknown function of the file /user.php of the component GET Parameter Handler. The manipulation of the argument u_id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

A critical SQL injection vulnerability exists in the Blogbook application's /user.php GET parameter handler, specifically in the 'u_id' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data exfiltration, modification, or deletion. The vulnerability has been publicly disclosed with exploitation details available, and the vendor has not responded to early disclosure attempts, leaving users without an official patch.

Technical Context

The vulnerability exists in chaitak-gorai/Blogbook, an open-source blogging platform using a rolling release model. The flaw is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, aka 'Injection'), specifically manifesting as SQL injection. The /user.php file's GET parameter handler fails to properly sanitize or parameterize the 'u_id' input before incorporating it into SQL queries. This is a classic input validation failure where user-controlled data reaches the database query engine without adequate escaping or prepared statement usage. The rolling release model means no fixed version numbers exist, and vulnerable code persists in the git repository at commit 92f5cf90f8a7e6566b576fe0952e14e1c6736513 or earlier.

Affected Products

Product: chaitak-gorai Blogbook
Affected Versions: Up to and including commit 92f5cf90f8a7e6566b576fe0952e14e1c6736513
Component: /user.php (GET Parameter Handler, argument: u_id)
Release Model: Rolling release (no discrete versions)
CPE: Unable to construct standard CPE without official vendor NVD registration; likely would be cpe:23A:*:blogbook:*:*:*:*:*:*:* pending vendor assignment.
Affected Installation: Any deployment of Blogbook from the vulnerable commit or earlier, including active clones from the main repository. No vendor advisory or official patch availability documented.

Remediation

Immediate Actions:
(1) Upgrade/patch: Since the vendor has not responded and rolling releases complicate versioning, users must check the repository for commits after 92f5cf90f8a7e6566b576fe0952e14e1c6736513 that address SQL injection in /user.php. Review git log for security-related fixes.
(2) Workaround (if a patched version is unavailable): Implement Web Application Firewall (WAF) rules to detect and block SQL injection patterns in the 'u_id' parameter (e.g., blocking single quotes, UNION keywords, comment sequences unless properly escaped).
(3) Code-level mitigation: If source code access exists, immediately apply parameterized queries/prepared statements to the /user.php file's user ID handling, replacing any string concatenation in SQL queries with parameter binding.
(4) Access control: Restrict /user.php access via network segmentation or IP whitelisting pending a code fix.
(5) Monitoring: Enable SQL error logging and alerting to detect exploitation attempts.

Vendor contact: Contact chaitak-gorai on GitHub to request security fix priority and coordinated release; if unresponsive, consider forking with a patched version or migrating to alternative blogging platforms with active security maintenance.
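
The code-level mitigation above, as an added example that is not taken from Blogbook's source: a concatenated lookup beside a validated, parameter-bound one. The in-memory SQLite database, the users table, its columns and the function names are assumptions made for illustration, and the sample u_id values are constructed.

```php
<?php
declare(strict_types=1);

// Constructed in-memory SQLite database (via PDO) so the example runs offline.
// Table and column names are assumptions, not Blogbook's schema.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (u_id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");
    return $pdo;
}

// Pattern the advisory describes: request data concatenated into the SQL text.
// Shown for contrast only; the input becomes part of the query grammar.
function find_user_concat(PDO $pdo, string $uId): array
{
    $sql = 'SELECT u_id, name FROM users WHERE u_id = ' . $uId;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: allow-list validation (digits only), then a bound parameter.
function find_user_bound(PDO $pdo, string $uId): array
{
    if (!preg_match('/\A[0-9]{1,10}\z/', $uId)) {
        throw new InvalidArgumentException('u_id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT u_id, name FROM users WHERE u_id = :u_id');
    $stmt->bindValue(':u_id', (int) $uId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demo_db();
foreach (['2', '2 OR 1=1', "2'"] as $in) {   // constructed sample u_id values
    foreach (['find_user_concat', 'find_user_bound'] as $fn) {
        try {
            $out = count($fn($pdo, $in)) . ' row(s)';
        } catch (Throwable $e) {
            $out = get_class($e);   // PDOException or InvalidArgumentException
        }
        printf("%-18s u_id=%-12s => %s\n", $fn, json_encode($in), $out);
    }
}
```

The digits-only check rejects malformed input before it reaches the database, and the bound parameter keeps the value out of the SQL text even if the check is later loosened.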

Priority Score

Score: 57
KEV: 0 | EPSS: +0.1 | CVSS: +36 | POC: +20
