GHSA-h8wv-vv58-468h

Source

https://github.com/advisories/GHSA-h8wv-vv58-468h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-h8wv-vv58-468h/GHSA-h8wv-vv58-468h.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-h8wv-vv58-468h

Aliases

CVE-2025-56556

Published

2025-09-11T21:31:54Z

Modified

2025-09-12T21:42:18.283899Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool

Details

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2025-09-11T19:15:32Z",
    "github_reviewed_at": "2025-09-12T21:10:17Z",
    "cwe_ids": [
        "CWE-566"
    ],
    "severity": "MODERATE"
}

References

Affected packages

Packagist / intelliants/subrion

Package

Name: intelliants/subrion
Purl: pkg:composer/intelliants/subrion

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.2.1

Affected versions

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.2.0

v4.2.1