CVE-2025-0214

Name of the Vulnerable Software and Affected Versions TMD Custom Header Menu version 4.0.0.1

Description A problem was found in the processing of the file /admin/index.php. The manipulation of the headermenu id argument leads to SQL injection. The attack may be initiated remotely. The complexity of an attack is rather high, and the exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations To resolve the issue, it is recommended to upgrade the affected component. As a temporary workaround, consider restricting access to the /admin/index.php file until a patch is available. Additionally, avoid using the headermenu id argument in the affected file to minimize the risk of exploitation.