html5_snmp
修正版
1.11.1
CVE-2019-25298 describes a critical SQL Injection vulnerability present in html5snmp versions 1.11–1.11. This flaw allows attackers to inject malicious SQL code into database queries through the RouterID and Router_IP parameters, potentially leading to unauthorized data access or modification. The vulnerability was published on 2026-02-06 and mitigation involves upgrading to a patched version or implementing temporary workarounds.
Successful exploitation of CVE-2019-25298 can have severe consequences. An attacker could leverage error-based, time-based, or union-based SQL injection techniques to bypass authentication and authorization controls. This could lead to the extraction of sensitive data, including user credentials, configuration information, and potentially even the entire database contents. Furthermore, an attacker could modify data within the database, leading to data corruption or system instability. The blast radius extends to any system relying on the vulnerable html5_snmp component, potentially impacting multiple users and services.
The vulnerability is publicly known and described with multiple injection techniques. While no active exploitation campaigns have been definitively linked to CVE-2019-25298, the critical severity and ease of exploitation suggest a potential risk. The vulnerability has been added to the CISA KEV catalog, indicating a heightened level of concern. Public proof-of-concept exploits are likely to exist or be developed.
Systems utilizing html5_snmp versions 1.11–1.11 are at direct risk. This includes web applications and services that integrate this component for SNMP functionality. Shared hosting environments where multiple users share the same server instance are particularly vulnerable, as a compromise of one user's application could potentially lead to the compromise of others.
• php / server:
find /var/www/html -name 'html5_snmp.php' -print0 | xargs -0 grep -i 'Router_ID.*Router_IP'• generic web:
curl -I 'http://your-server/html5_snmp.php?Router_ID=1' 2>&1 | grep -i 'SQL syntax'disclosure
エクスプロイト状況
EPSS
0.04% (11% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2019-25298 is to upgrade to a patched version of html5snmp. If an immediate upgrade is not feasible due to compatibility issues or downtime constraints, consider implementing temporary workarounds. These may include deploying a Web Application Firewall (WAF) with rules to filter out malicious SQL injection attempts targeting the RouterID and RouterIP parameters. Input validation and sanitization on the application side can also help prevent malicious input from reaching the database. After upgrade, confirm by attempting to inject a simple SQL payload into the RouterID and Router_IP parameters and verifying that the query fails with an appropriate error message.
Actualizar a una versión parcheada o descontinuar el uso de html5_snmp 1.11. La vulnerabilidad permite la inyección SQL a través de los parámetros Router_ID y Router_IP, lo que podría permitir a atacantes extraer o modificar información de la base de datos.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2019-25298 is a critical SQL Injection vulnerability affecting html5snmp versions 1.11–1.11, allowing attackers to manipulate database queries through RouterID and Router_IP parameters.
If you are using html5_snmp version 1.11–1.11, you are potentially affected. Assess your environment and implement mitigation steps immediately.
The recommended fix is to upgrade to a patched version of html5_snmp. If upgrading is not immediately possible, implement WAF rules and input validation as temporary workarounds.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's critical severity and ease of exploitation suggest a potential risk.
Official advisories for html5_snmp are typically found on the project's website or associated security mailing lists. Consult the project's documentation for specific details.