CVE-2025-62606 HIGH

CVE-2025-62606: my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter

Vendor My-Little-Forum
Product mylittleforum
Weakness CWE-89 · SQLi
Published October 22, 2025
Last update October 22, 2025
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 2.5.12.

Key dates

02Disclosure timeline

October 22, 2025 CVE published
October 22, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-6266 Pear Admin Boot loadDictItem sql injection CVE-2025-3331 codeprojects Online Restaurant Management System payment_save.php sql injection CVE-2025-11309 Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findDeptPage.do doFilter sql injection CVE-2021-47714 Hasura GraphQL 1.3.3 Local File Read via SQL Injection CVE-2021-24492 Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection