CVE-2025-51667
HIGH
simple-admin-core 1.2.0-1.6.7 - SQL Injection via /sys-api/role/update Interface
An issue was discovered in simple-admin-core v1.2.0 through v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations.
References (2)
Core References
Third Party Advisory
https://gist.github.com/66Giraffe66/fc258f7fcc65a6a1a1a01e217977b92d
Exploit, Issue Tracking, Patch, Vendor Advisory
https://github.com/suyuan32/simple-admin-core/issues/333
Scores
CVSS v3
7.0
EPSS
0.0025
EPSS Percentile
16.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (2)
ryansu/simple_admin
1.2.0 - 1.6.7
suyuan32/simple-admin-core
1.2.0 - 1.6.8
Go
Published
Aug 27, 2025
Tracked Since
Feb 18, 2026