EUVD-2025-16579
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. The manipulation of the argument p_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Critical SQL injection vulnerability in Blogbook's /post.php file affecting the GET parameter 'p_id', allowing unauthenticated remote attackers to execute arbitrary SQL queries and compromise database confidentiality, integrity, and availability. The vulnerability has been publicly disclosed with exploitation proof-of-concept code available, though the vendor has not responded to early disclosure notifications. The affected product uses rolling releases, making version tracking difficult, but the vulnerability is confirmed present up to commit 92f5cf90f8a7e6566b576fe0952e14e1c6736513.
Technical Context
The vulnerability exists in chaitak-gorai's Blogbook application, a PHP-based blogging platform. The root cause is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, commonly known as injection flaws). The /post.php component's GET Parameter Handler fails to properly sanitize or parameterize the 'p_id' argument before incorporating it into SQL queries, enabling classic SQL injection attacks. No CPE string is formally assigned in standard databases for this open-source project, but the affected component is identifiable by repository commit hash (92f5cf90f8a7e6566b576fe0952e14e1c6736513). The vulnerability bypasses all access controls due to the lack of authentication requirements (PR:N in CVSS vector).
Affected Products
Product: chaitak-gorai Blogbook | Affected Version: Up to and including commit 92f5cf90f8a7e6566b576fe0952e14e1c6736513 | Component: /post.php (GET Parameter Handler) | Vulnerable Parameter: p_id | Vendor: chaitak-gorai (GitHub: https://github.com/chaitak-gorai/Blogbook or similar) | Release Type: Rolling releases with no fixed version numbering. No official vendor advisory or patch release has been issued, and the vendor did not respond to coordinated disclosure attempts. Users must identify their deployment version/commit hash and compare against the disclosed vulnerable commit.
Remediation
1. IMMEDIATE: Implement input validation and parameterized queries (prepared statements) in /post.php to sanitize the 'p_id' parameter using PHP's mysqli_prepare() or PDO prepared statements. 2. Web Application Firewall (WAF): Deploy rules to detect and block SQL injection payloads in GET parameters to /post.php (e.g., detecting UNION, OR 1=1, CAST, etc.). 3. Database-Level: Apply principle of least privilege—ensure the database user account used by Blogbook has minimal necessary permissions (no DROP, ALTER privileges). 4. Monitoring: Enable database query logging to detect anomalous SQL patterns. 5. Code Review: Audit all other GET/POST parameters in the application for similar SQL injection flaws. 6. Upgrade: Monitor the chaitak-gorai Blogbook repository for security commits post-92f5cf90f8a7e6566b576fe0952e14e1c6736513; deploy any patched commits. Due to vendor non-responsiveness and rolling-release model, proactive forking or patching may be necessary. 7. Consider Alternative: If timely patching is unavailable, migrate to actively maintained blogging platforms with security-focused development practices.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today