Platform: wordpress
Component: school-management
Fixed version: 92.0.1
CVE-2025-47573 describes a critical SQL Injection vulnerability discovered in mojoomla School Management. This flaw allows attackers to perform blind SQL injection, potentially leading to unauthorized data access and system compromise. The vulnerability impacts versions prior to 92.0.1, and a patch is available in version 92.0.1.
The SQL Injection vulnerability in mojoomla School Management poses a significant risk to data confidentiality and integrity. An attacker could leverage this flaw to bypass authentication mechanisms and directly query the database, extracting sensitive information such as student records, teacher details, financial data, and administrative credentials. Successful exploitation could lead to data breaches, identity theft, and disruption of school operations. The 'blind' nature of the injection means the attacker doesn't receive direct feedback from the database, requiring more sophisticated techniques to extract data, but doesn't inherently limit the potential impact. This type of vulnerability, if left unaddressed, can be exploited repeatedly.
CVE-2025-47573 was publicly disclosed on 2025-06-17. The vulnerability's severity is classified as CRITICAL (CVSS 9.3). No public proof-of-concept (PoC) code has been observed at the time of writing, but the nature of blind SQL injection makes it likely that such exploits will emerge. It is not currently listed on the CISA KEV catalog, but its critical severity warrants close monitoring.
Schools and educational institutions utilizing mojoomla School Management are at significant risk. Specifically, those running older, unpatched versions (prior to 92.0.1) are particularly vulnerable. Organizations relying on mojoomla for sensitive student data or administrative functions should prioritize patching.
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/mojoomla/includes/
• generic web:
curl -I https://your-mojoomla-site.com/ | grep SQL
• wordpress / composer / npm:
wp plugin list | grep mojoomla
• wordpress / composer / npm:
wp plugin update mojoomla
Disclosure
Exploitation status
EPSS: 0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-47573 is to upgrade mojoomla School Management to version 92.0.1 or later without delay. If upgrading is not immediately feasible because of compatibility issues or downtime concerns, apply temporary workarounds: enforce strict input validation and use parameterized queries at the application level to reduce the attack surface, and regularly review database access logs for suspicious activity, particularly queries containing unusual characters or patterns. A web application firewall (WAF) with SQL injection protection rules adds a further layer, but a direct rule for blind SQL injection is difficult to craft and WAF effectiveness against it can be limited.
Update the School Management plugin to a fixed version. Consult the plugin's release notes or the developer's website for specific instructions on how to update and mitigate the SQL injection vulnerability.
CVE-2025-47573 is a critical SQL Injection vulnerability affecting mojoomla School Management versions before 92.0.1, allowing attackers to extract data through blind SQL injection.
If you are using mojoomla School Management versions prior to 92.0.1, you are vulnerable to this SQL Injection flaw. Immediately check your version and upgrade.
Upgrade mojoomla School Management to version 92.0.1 or later to patch this vulnerability. If immediate upgrade is not possible, implement temporary workarounds like input validation and WAF rules.
While no active exploitation has been confirmed, the vulnerability's severity and the nature of blind SQL injection suggest it's likely to be targeted. Continuous monitoring is crucial.
Refer to the official mojoomla security advisory page for the most up-to-date information and guidance regarding CVE-2025-47573.