CVE-2025-50979

Vulnerability

Overview NodeBB v4.3.0 contains a SQL injection vulnerability in the /api/v3/search/categories API endpoint [1]. The search query parameter is not sanitized before being used in a SQL query, allowing unauthenticated remote attackers to inject malicious SQL payloads [1][3].

Exploitation

Details The endpoint accepts a search parameter that is passed directly to a PostgreSQL database. Attackers can exploit this using boolean-based blind injection or error-based techniques, as demonstrated by sqlmap [3]. The injection relies on the database being PostgreSQL, which NodeBB supports [2]. No authentication is required, and the vulnerability can be triggered via a simple HTTP GET request [3].

Impact

Successful exploitation enables an attacker to extract sensitive information from the database, such as user credentials, configuration data, and other forum content [1][3]. The blind injection approach allows data extraction even without direct output, and error-based methods can reveal information through database error messages [3].

Status

Proof-of-concept exploit code has been published [3], and no patch has been announced at the time of this writing. Users of NodeBB v4.3.0 should monitor for updates or consider implementing mitigations such as input validation or a web application firewall.