Back to Explorer

CVE-2025-15392

PUBLISHED
12/31/2025 1af790b2-7ee1-4545-860a-a788eba489b5

Technical Description

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products

Kohana
KodiCMS
13.82.135

References

https://vuldb.com/?id.339161
VDB-339161 | Kohana KodiCMS Search API Endpoint page.php like sql injection
https://vuldb.com/?ctiid.339161
VDB-339161 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?submit.718289
Submit #718289 | KodiCMS https://github.com/KodiCMS-Kohana/cms 13.82.135 SQL Injection

Impact Analysis

Attack Vector Network
Attack Complexity Low
Privileges Required None