Platform
php
Component
native-php-cms
Fixed in
1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in native-php-cms version 1.0. This flaw allows attackers to inject malicious scripts through manipulation of the 'info' argument within the /fladmin/sysconfig_doedit.php file. Affected users should upgrade to version 1.0.1 to address this security concern. The vulnerability has been publicly disclosed.
Successful exploitation of CVE-2025-0485 allows an attacker to inject arbitrary JavaScript code into the native-php-cms application. This can lead to various malicious outcomes, including session hijacking, defacement of the website, redirection to phishing sites, and theft of sensitive user data. The attacker can execute code in the context of the user's browser, potentially gaining access to their credentials or other private information. Given the nature of XSS, the impact can range from minor annoyance to significant data compromise, depending on the attacker's goals and the sensitivity of the data handled by the application.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. There is currently no indication of active campaigns targeting this specific vulnerability, but the availability of public information makes it a potential target for opportunistic attackers. Severity is assessed as LOW due to the potential for limited impact and the requirement for user interaction. No KEV listing is present at this time.
Websites and applications utilizing native-php-cms version 1.0 are at risk. This includes deployments where the /fladmin/sysconfig_doedit.php file is accessible and user input is not properly validated. Shared hosting environments using native-php-cms are particularly vulnerable due to the potential for cross-tenant exploitation.
• php / web: Examine /fladmin/sysconfig_doedit.php for unsanitized input handling of the 'info' parameter.
• generic web: Use curl to test the /fladmin/sysconfig_doedit.php endpoint with a simple XSS payload (e.g., <script>alert(1)</script>).
• generic web: Review access and error logs for suspicious requests to /fladmin/sysconfig_doedit.php containing XSS payloads.
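The log review in the last check can be scripted. The following is an added example, not code from the advisory or from the native-php-cms project; it assumes combined-format access logs, and the sample lines are constructed. Because the body of a POST is not written to an access log, POST requests to the endpoint are reported separately as unverifiable rather than treated as clean.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

ENDPOINT = "/fladmin/sysconfig_doedit.php"   # path named in the advisory
PARAM = "info"                                # parameter named in the advisory

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Markup that has no business in a config value: tags, event handlers, script URLs.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo nested URL-encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def scan(lines):
    """Return (line_number, kind, detail) findings for requests to ENDPOINT."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if url.path.lower() != ENDPOINT:
            continue
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        hits = [v for v in map(decode_fully, values) if MARKUP_RE.search(v)]
        if hits:
            findings.append((number, "markup-in-info", hits[0]))
        elif match.group("method") == "POST":
            # Body is not logged: the access log alone cannot clear this request.
            findings.append((number, "post-body-unlogged", match.group("status")))
    return findings

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /fladmin/sysconfig_doedit.php?id=3&info=Site+title HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [10/Jan/2025:10:00:09 +0000] "GET /fladmin/sysconfig_doedit.php?id=3&info=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540 "-" "-"',
    '198.51.100.4 - - [10/Jan/2025:10:02:30 +0000] "GET /fladmin/sysconfig_doedit.php?info=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 540 "-" "-"',
    '198.51.100.4 - - [10/Jan/2025:10:03:00 +0000] "POST /fladmin/sysconfig_doedit.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.9 - - [10/Jan/2025:10:04:00 +0000] "GET /index.php?info=%3Cb%3E HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings of kind post-body-unlogged need a second source, such as WAF or application logs, before the request can be ruled out.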
disclosure
Exploit Status
EPSS
0.22% (45th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-0485 is to upgrade native-php-cms to version 1.0.1, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing input validation and output encoding on the 'info' parameter in /fladmin/sysconfig_doedit.php to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. After upgrading, confirm the fix by attempting to inject a simple JavaScript payload through the /fladmin/sysconfig_doedit.php interface and verifying that it is properly sanitized.
Update to a patched version or apply the necessary security measures to prevent injection of malicious code through the 'info' parameter in the file '/fladmin/sysconfig_doedit.php'. Validating and sanitizing user input is crucial. If no patched version is available, consider disabling or removing the affected functionality until a fix can be applied.
CVE-2025-0485 is a cross-site scripting (XSS) vulnerability in native-php-cms version 1.0, allowing attackers to inject malicious scripts.
You are affected if you are using native-php-cms version 1.0 and have not upgraded to version 1.0.1.
Upgrade native-php-cms to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the 'info' parameter.
While there's no confirmed active exploitation, the public disclosure increases the risk of future attacks.
Refer to the native-php-cms project's official website or repository for the latest security advisories.