CVE-2025-6005 is a SQL Injection vulnerability identified in kiCode111's product "like-girl" version 5.2.0, specifically within the /admin/aboutPost.php file. The vulnerability arises from improper sanitization or validation of multiple input parameters including title, aboutimg, info1 through info6, btn1, btn2, infox1 through infox6, btnx2, infof1 through infof4, btnf3, and infod1 through infod5. An attacker can remotely manipulate these parameters to inject malicious SQL code, potentially altering the backend database queries executed by the application. The vulnerability does not require user interaction or authentication, making it remotely exploitable over the network. Despite the critical classification, the CVSS 4.0 score is 5.1 (medium severity) due to the presence of high privileges required (PR:H) and limited impact on confidentiality, integrity, and availability (all low). The vendor has not responded to disclosure attempts, and no patches or mitigations have been published. No known exploits are currently reported in the wild, but public disclosure increases the risk of exploitation attempts. The vulnerability affects only version 5.2.0 of the product, and the lack of vendor response suggests that organizations using this version remain exposed. The attack surface is broad given the numerous parameters vulnerable to injection, increasing the likelihood of successful exploitation if the application is internet-facing or accessible by untrusted users.

For European organizations using kiCode111 like-girl 5.2.0, this vulnerability poses a risk of unauthorized database access or manipulation. Successful exploitation could lead to data leakage, unauthorized data modification, or disruption of application functionality. Although the CVSS score is medium, the fact that exploitation requires high privileges limits the attacker's initial access vector, potentially reducing the risk to internal or less exposed systems. However, if an attacker gains administrative access or if the application is misconfigured to allow broader access, the impact could escalate. Data confidentiality and integrity could be compromised, affecting sensitive business or customer information. Availability impact is low but could occur if injected queries cause application errors or crashes. The lack of vendor patching means organizations must rely on compensating controls. Given the public disclosure, European entities in sectors with high regulatory requirements (e.g., finance, healthcare) could face compliance risks if data breaches occur. Additionally, organizations with internet-facing administrative interfaces are at higher risk of remote exploitation.

1. Immediate mitigation should include restricting access to the /admin/aboutPost.php endpoint to trusted internal networks or VPN users only, minimizing exposure to untrusted actors. 2. Implement Web Application Firewall (WAF) rules specifically targeting SQL injection patterns on the affected parameters to block malicious payloads. 3. Conduct thorough input validation and sanitization on all parameters listed, using parameterized queries or prepared statements to prevent injection. 4. If possible, upgrade to a newer, patched version of like-girl once available or consider alternative products if vendor support is discontinued. 5. Monitor application logs for unusual database query patterns or errors indicative of injection attempts. 6. Employ network segmentation to isolate administrative interfaces from general user access. 7. Regularly back up databases to enable recovery in case of data corruption or loss. 8. Engage in proactive threat hunting and vulnerability scanning focused on this CVE to detect exploitation attempts early. 9. If vendor patches remain unavailable, consider code review and custom patching by internal security teams or third-party experts to remediate the vulnerability.