CVE-2025-5401

Name of the Vulnerable Software and Affected Versions chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513

Description A critical issue was found in the file /post.php of the component GET Parameter Handler, where the manipulation of the p id argument leads to SQL injection. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations As a temporary workaround, consider disabling the p id parameter in the /post.php file until a fix is available. Restrict access to the /post.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.