CVE-2025-12248

Root

Cause

The CLTPHP Content Management System version 3.0 contains a Boolean-based blind SQL injection vulnerability in the /home/search.html endpoint. The root cause is insufficient validation and sanitization of the user-controlled keyword parameter, which is directly incorporated into SQL queries without proper escaping or parameterization. This allows an attacker to inject arbitrary SQL conditions and observe differences in application responses (e (e.g., page content or behavior) to infer the truth value of injected conditions [1].

Exploitability

The attack is remotely exploitable without authentication. An attacker only needs to send specially crafted HTTP requests to the /home/search.html endpoint with a manipulated keyword argument. Because the vulnerability is blind (Boolean-based), the attacker uses a series of true/false conditions to extract queries to enumerate database contents one character at a time, making the attack methodical but fully automated with tools [1].

Impact

Successful exploitation allows an attacker to extract sensitive database information such as the database name, table and column structures, and user credentials (including hashed passwords). If the database account used by the application has write privileges, the attacker could also manipulate or delete data, bypass authentication, or disrupt service continuity [1].

Mitigation

Status

As of the publication date (2025-10-27), no official patch or fixed version has been announced by the vendor. The vulnerability has been publicly disclosed and an exploit demonstration is available [1]. Organizations using CLTPHP 3.0 should immediately restrict network access to the vulnerable endpoint, apply input validation filtering, or consider migrating to a supported alternative until a fix is released.