CVE Alert: CVE-2025-10667 – itsourcecode – Online Discussion Forum
CVE-2025-10667
A vulnerability has been identified in itsourcecode Online Discussion Forum 1.0. An unspecified function of the file /members/compose_msg.php is affected: manipulation of the argument ID leads to SQL injection. The attack can be carried out remotely. A public exploit is available and may be used.
AI Summary Analysis
Risk verdict
High risk for any public-facing installation: the advisory describes a remotely reachable SQL injection with a public PoC, which the analysis below scores as requiring no authentication (PR:N) and low attack complexity (AC:L). One check before accepting that score: the affected script sits under /members/, so confirm whether the endpoint is reachable without a member session in your deployment. A required login lowers the score but does not remove the risk, since any registered member (or anyone who can register) could still exploit it.
Why this matters
Exploitation can read or modify data in the forum's database, exposing user records (including credentials and private messages) and allowing tampering with posts. If the forum shares a database server or account with other applications, an attacker could pivot to those systems or use the access for broader compromise. A public PoC and exploitation guidance make automated, opportunistic attempts likely.
Most likely attack path
No user interaction is required: an attacker sends crafted requests to /members/compose_msg.php with SQL fragments in the ID parameter. With PR:N and AC:L, the attack is feasible for unauthenticated actors over the network. The impact then depends on the privileges of the database account the application uses; a broadly privileged account allows data exfiltration or modification, and lateral movement is plausible if the same database serves other applications.
Who is most exposed
Publicly accessible deployments of itsourcecode Online Discussion Forum 1.0, especially on shared hosting or in poorly segmented environments where the web tier has direct database access.
Detection ideas
- Database error messages in HTTP responses or application/backend logs, particularly from compose_msg.php.
- A spike in requests to /members/compose_msg.php whose ID value is not a plain integer or contains SQL fragments (UNION SELECT, tautologies such as OR 1=1, comment terminators).
- Anomalous query activity in database logs from the web application's account (unexpected tables, information_schema reads, unusually large result sets).
- WAF/IPS alerts for SQL injection signatures on that endpoint.
- Data retrieval or post/message modifications outside normal user activity.
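The following is an added example, not part of the original advisory or the vendor's code, showing how the second and third detection ideas can be applied to web server access logs. It parses Apache-style combined log lines, extracts the ID parameter of requests to /members/compose_msg.php, and flags any value that is not a plain integer, tagging which injection pattern it matches. The log lines are constructed for illustration, and the script assumes the parameter is passed as `id` in the query string.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache "combined" log format; not real traffic.
# The second and third requests carry the kinds of payload the advisory describes
# (a tautology and a UNION SELECT) in the id parameter of compose_msg.php.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Oct/2025:10:00:01 +0000] "GET /members/compose_msg.php?id=12 HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Oct/2025:10:00:02 +0000] "GET /members/compose_msg.php?id=12%27%20OR%201%3D1--%20- HTTP/1.1" 200 9823 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Oct/2025:10:00:03 +0000] "GET /members/compose_msg.php?id=12%20UNION%20SELECT%20username%2Cpassword%20FROM%20users HTTP/1.1" 500 312 "-" "python-requests/2.31"
203.0.113.7 - - [01/Oct/2025:10:00:04 +0000] "GET /members/compose_msg.php?id=13 HTTP/1.1" 200 4498 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Oct/2025:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Payload shapes worth naming once a value is already known to be non-numeric.
SQLI_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("tautology", re.compile(r"\b(or|and)\b\s*['\"]?\s*\w+\s*=\s*['\"]?\s*\w+", re.I)),
    ("comment-terminator", re.compile(r"--|#|/\*")),
    ("quote", re.compile(r"'")),
]


def extract_id(target):
    """Return the percent-decoded id value for a compose_msg.php request, else None.
    Assumption: the parameter is sent as 'id' (any letter case) in the query string."""
    parts = urlsplit(target)
    if not parts.path.endswith("/members/compose_msg.php"):
        return None
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key.lower() == "id":
            return values[0]
    return None


def classify_id(value):
    """Return indicator names for a decoded id value; an empty list means it looks benign.
    A legitimate ID is a plain integer, so anything else already deserves a look."""
    if re.fullmatch(r"\d+", value):
        return []
    reasons = ["non-numeric"]
    reasons.extend(name for name, pat in SQLI_PATTERNS if pat.search(value))
    return reasons


def scan_log(log_text):
    """Return one finding per suspicious compose_msg.php request in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        value = extract_id(m.group("target"))
        if value is None:
            continue
        reasons = classify_id(value)
        if reasons:
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "id": value,
                "reasons": reasons,
            })
    return findings


def hits_per_ip(findings):
    """Count suspicious requests per source IP, for the 'spike' detection idea."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['ts']} {f['ip']} status={f['status']} id={f['id']!r} -> {', '.join(f['reasons'])}")
    print(dict(hits_per_ip(results)))
```

The non-numeric check does most of the work: a legitimate request never sends anything but digits in this parameter, so the pattern list only serves to label findings and to spot the HTTP 500 that a broken UNION payload tends to produce. The same logic can be fed by a SIEM query instead of a file.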
Mitigation and prioritisation
- Apply the vendor's fix or upgrade to a non-vulnerable version if one is published; test in staging before production.
- Replace string-built SQL with parameterised queries/prepared statements, and validate the ID (it should be an integer) before it reaches the query; do this for every user-supplied identifier in the application, not only compose_msg.php.
- Run the application with a least-privilege database account (read/write on its own schema only, no DDL, no server-level privileges such as file access or user management); rotate its credentials and monitor its activity for anomalous queries.
- If a fix cannot be applied promptly, restrict or disable /members/compose_msg.php (require authentication, IP allow-listing, or a WAF rule that rejects non-numeric ID values) until it is fixed.
- Treat as priority 1 if KEV or EPSS indicators point to active or likely exploitation; otherwise remediate rapidly and keep monitoring.
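To show what the second bullet means in practice, here is an added example, written for this page rather than taken from the forum's source, that puts the vulnerable pattern beside its fix. It uses Python with an in-memory SQLite table standing in for the forum's members table (a constructed schema, not the real one); the defect and the remedy are the same in PHP, where the fix is a prepared statement via PDO::prepare or mysqli with the ID bound as an integer.

```python
import sqlite3

# Constructed in-memory table standing in for the forum's members table; not the real schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        INSERT INTO members VALUES (12, 'alice', 'alice@example.invalid');
        INSERT INTO members VALUES (13, 'bob',   'bob@example.invalid');
        INSERT INTO members VALUES (14, 'carol', 'carol@example.invalid');
    """)
    return conn


def lookup_vulnerable(conn, raw_id):
    """The bug class the advisory describes: the untrusted ID is spliced into the SQL text."""
    sql = f"SELECT id, username, email FROM members WHERE id = '{raw_id}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, raw_id):
    """The fix: validate the type, then bind the value so it never becomes part of the SQL."""
    if not raw_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    sql = "SELECT id, username, email FROM members WHERE id = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()


# Tautology payload of the kind named under the detection ideas above.
PAYLOAD = "12' OR 1=1-- -"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "12"))      # one row
    print(lookup_vulnerable(db, PAYLOAD))   # every row: the WHERE clause is now always true
    print(lookup_hardened(db, "12"))        # one row
    try:
        lookup_hardened(db, PAYLOAD)
    except ValueError as e:
        print("rejected:", e)
```

The integer check alone would stop this particular payload, but it is not the defence: binding the parameter is what keeps any future non-numeric field (a username, a message subject) from being interpreted as SQL, and the least-privilege account from the third bullet limits what a bypass could still reach.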